Principales elementos a incluir en la estrategia de ciberseguridad de una empresa

Principales elementos a incluir en la estrategia de ciberseguridad de una empresa

one size fits all

There is no “one size fits all” when it comes to cybersecurity.

Over the last six months, we have seen an escalation in the number of reported cyberattacks, in their range, sophistication and in their long-lasting impact on businesses such as the Colonial Pipeline attack, and SolarWinds to name just two. These events obviously highlight the importance of having an effective cybersecurity strategy per organization, one size fits all because even if an organization undergoes such an attack, there should be company processes in place to mitigate the severity of the consequences. To do that, companies must monitor and be aware of the main existing security risks and effectively respond to these types of incidents as they occur.

Still, each organization is different in its make-up, business needs, productivity measurements and workflows. Each organization has different network architectures and software. There is no “one size fits all” when it comes to cyber security.

CISOs

Security teams are usually aware that they need to identify the cyber risks most likely to affect their own business’ smooth running and build a security infrastructure aligned with the company’s risk tolerance level. But that is easier said than done.

Even now, with everything that has occurred, many enterprises do not prioritize personnel and budgets for this purpose, often leaving the CIO or CISO and her/his team to “fend” for themselves. Without the appropriate resources and without full company involvement and support, that is a very tall order.

In addition to organizational support, with the plethora of different approaches and tools, identifying the optimal security path requires adopting proactive and scalable methods and the ability to prioritize the different types of cyber threats.

Whether you obsess about cybersecurity every day or you are completely new to the process, there are certain things that you should consider to make your company’s cybersecurity strategy successful. In this post, we’ll reveal five elements you should include in your strategy, regardless of whether you are the sole proprietor of a brand new business or looking to transform the security posture of a large, well-established organization.

    1. Understand the difference between compliance and security.

      In any instance where your company collects personal information or data as part of your relationship with your customers or vendors, you have an ethical if not legal obligation to be a responsible steward of that data. It is not enough to say “we won’t share your personal information” or be able to produce required audit reports if asked, because that’s not really security. The first step to creating a security strategy is knowing what data you collect, where it’s stored, who has access to it, and why. This enables you to establish what is “normal” data use for your organization and makes it much easier to see when someone is trying to steal it.

    2. Make data security everyone’s responsibility.

      Forrester Research recently reported that 80% of security breaches involve privileged credentials. That means an insider either unwittingly or with malicious intent exposed their credentials, and likely sensitive personal data, to a cyber-criminal. Another pillar of a cybersecurity strategy should be educating employees on the fundamentals of how to proactively limit exposing their credentials. This can be as simple as asking people to log out of sensitive databases when finished with them or helping them identify a likely phishing attack. An organization like the National Cyber Security Alliance offers great resources to get you started. It’s also important to consider data access control issues. With the right technology, organizations can apply role-based user privilege access control rules to align individuals; privilege levels with the actual requirements of their job function. Not just once, but on a continuous basis.

    3. Account for the roles of your cloud vendors and ISPs.

      Organizations large and small share sensitive data with cloud-native architectures for a myriad of reasons. AWS’ very useful Shared Responsibility Model explains; very well that cloud vendors provide secure architectures in which their customers can store data; but it’s the customer’s responsibility to apply their security policy to the data. This detail seems to be lost on the vast majority of organizations. Gartner reports that at least 95% of cloud security failures until 2022 are predicted to be the customer’s fault.

      Part of your security strategy should be working with all your cloud-native vendors to ensure that their environments. Many retail and services organizations use ISPs to host their websites. They depend on their ISPs to keep their websites up and running regardless of traffic levels.

      If your website were ever subject to a Distributed Denial of Service (DDoS) attack; an incident whose sole purpose is to make your website and servers unavailable to legitimate users; you could be facing an existential threat. In many instances, to ensure the other websites they host are not subject to diminished performance. One size fits all an ISP will simply shut down a website under a DDoS attack until it stops. Part of your security strategy needs to account for DDoS attacks and have a solution in place to disperse; illegitimate web traffic without shutting down your website and ensure real customer traffic reaches your organization.

    4. Have a plan for if you are breached.

      In spite of best efforts, breaches happen and your data security strategy needs to account for what happens next. You should have a disaster recovery plan in place to secure your network; prevent further damage and identify the breach source as well as inform stakeholders and law enforcement. The plan should turn the incident into a positive by ensuring knowledge gleaned.

While these elements are essential, they are not all you need. We strongly recommend working with cybersecurity experts to accurately evaluate your specific threat landscape; and help you build a sustainable data security strategy for today and the future.

Today’s hyperconnected and decentralized workforce maneuvers within dynamic network; architectures and programs that have moved to the edge and the cloud. Therefore any effective cyber defense strategy must start with open communication between the CIO/CISO. One size fits all security teams, and company executives.

This open line of communication is especially important since 2020.

one size fits all

one size fits all

With the increased number of employees working remotely, security officers face the added challenge of providing remote workers with additional layers of security, as the organization is more exposed to cybercriminals.

Integrating business operations with security personnel helps employees understand security better. It also allows cybersecurity professionals to consider the organization’s business strategy and priorities. While establishing cyber security policies and managing cyber risk solutions and monitoring.

 

Additionally, establishing the following core security principles and policies empowers the CIO/CISO; to focus both on individual applications and the broader company infrastructure.

 

 

Sources:
(1) Security Boulevard
(2) CIO.com
(3) The World Economic Forum

Picture: <a href=’https://www.freepik.es/fotos/negocios’>Foto de Negocios creado por rawpixel.com – www.freepik.es</a>

Código Abierto. El valor de las ideas ha crecido

Código Abierto. El valor de las ideas ha crecido

Código Abierto

Today’s business leaders face enormous pressure from markets, competition, and the current pandemic, which is radically changing the way we do business and engage with customers. Organizations need to adapt, imagine new revenue models, innovate as never before, and attract a new generation of talent to fuel this evolution and help the business stay relevant.

In the last few decades, organizations large and small have started leveraging the benefits of open source at unprecedented levels. One of the benefits of working with open source technologies or projects is the free sharing of ideas. Open source brings people together to brainstorm and develop a common piece of technology.

business leaders face enormous pressure

The open source web frameworks offer an alternative that shifts the company focus from the centralisation of resources – which has become of little significance – to the adoption of more internationally widespread technologies. The technological exclusive and the supposed guarantees of a private supplier are exchanged for a transparent shared standard.

In the past technology ownership guaranteed a competitive edge over the competition and money could also be made from licensing.

With the growth of the web and the spread of technologies to support the online services, the IT sector has experienced the formation of a very fragmented situation.
In this scenario the big digital service companies have played an important role, at times determining with their economic weight the growth of some of these technologies and the consequent decline of others. New international standards have been set.

At the same time

Many cases of successful open source frameworks have emerged which have ridden the wave of the community-driven technologies, i.e. developed and maintained by international teams of independent developers.

business leaders face enormous pressure

In light of the success obtained by these frameworks, today privatising the technologies on which to base their services. Also and products means companies run the risk of reinventing the wheel, rather than concentrating on activities that create solid value.

Compared to open source frameworks the owned ones are more expensive; and risk becoming outdated more quickly in a world in constant evolution.

The value of ideas has increased

A shared technological standard on an international level, helped by an open source philosophy; has a superior value compared to the in-house alternatives. The ability to integrate programming languages and different tools effectively and using the resources already created; by other developers increases the competitiveness of the web-based platforms.

Considering the rise of open source frameworks the question is not how to centralise control over technology. But how to adapt these resources to our advantage, participating in their progressive enhancement while developing components for company use.
Technology is the tool that allows us to drive value; but this comes from positive ideas to digitalise the company resources available.

With freemium solutions like Soffid, the customer get all the benefits from both sides; from the traditional product and from the open source product. But they get a good support, they get a development roadmap and quick security fixes.

Soffid is one Single product, release like open source and including all the features; about Identity and access management, priviledge account management and identity governance.

Shall we talk?