Although cybersecurity solutions are increasingly numerous and sophisticated, hackers still manage to breach and access our systems. How to defend ourselves?
If protecting your business by security is a constant concern for companies, in recent years, however, the cybersecurity has had a real boost.
Digitization makes data more accessible because they are distributed not only within the infrastructures of business systems but now more and more integrated into the network, in collaborative systems (with access sharing, for example, with partners or service providers). The data have become a strategic resource for business companies: from statistical and advanced elaborations they generate information that feeds decision-making processes and industrial control systems. The Cisco 2017 Annual Cybersecurity Report found that more than a third of organizations that have been hacked have lost more than 20% of their revenue.
The need to protect strategic data and business operations has encouraged the creation of increasingly sophisticated security solutions, until the adoption of the AI.
All major technology companies are spending millions every year in terms of artificial intelligence and cybersecurity, from Microsoft to Google, from Cisco to Symantec, including large anti-virus companies. In recent years there has also been an increase in start-ups around security tools that rely on Machine Learning and AI (Darktrace, Cylance, AlienVault, etc.).
Although the security solutions available on the market are increasingly numerous and sophisticated, hackers still manage to violate them and access company data. Indeed, cyber attacks seem to become increasingly widespread, of a global nature and aimed at ever-larger markets.
The Kaspersky Lab Report 2017 showed that 54% of the sample of 359 industries in 21 countries worldwide suffered more than one cyber attack in the last 12 months.
How to defend?
Companies often invest in security systems only to defend the business perimeter, when hackers are already inside their systems and they do not realize it. A bit ‘because with the introduction of digitalization in companies and industries, technologies such as IoT (Internet of Things) / IIoT (Industrial Internet of Things) and Cloud, have quickly expanded the scope of corporate architectures, making it difficult to control with the old security systems, but above all because the APT (Advanced Persistent Threat) and Insider Threat: structured and continuous attacks have been significantly increased, they are the work of minds who have studied their objectives well, have identified their vulnerabilities and exploit them to access their network and steal data in a way that is not always timely intercepted.
Sometimes in the face of a malware or virus attack, the IT directions take over with an intervention aimed at hindering the single event, without understanding if this is the signal of a strategic plan in place that searches for the vulnerabilities of the infrastructure to design an attack wider.
Homogeneous governance and security architecture are therefore the fundamental tools with which to effectively hinder hacker attacks: new integrated technologies that are able to monitor application platforms and intercept when applications deviate from the expected behavior, are a useful tool for the purpose of securing.
But technological solutions can only work if they are in support of a real widespread culture of security. A culture fed by personnel trained to manage risks and reduce the impact of possible violations, able to define technical and organizational procedures to ensure maximum protection of company information systems.
A culture that engages an assessment of potential security risks whenever it takes into account new business models or collaborations with third parties.
According to the SANS Institute, in fact, 80% of corporate security breaches come from the supply chain.
Even if there is no solution that can put an organization in complete safety, it is important that it has a robust and multi-level strategic security program to prevent it in the best possible way, detect any violations promptly and mitigate risks as much as possible.
Fundamental elements of a strategic program
- Experienced security personnel: all personnel who interact with sensitive systems and data, whether employees or collaborators, must understand their responsibilities and obligations regarding security checks and awareness of potential attack vectors
- Evaluation and monitoring of all potential risks associated with third parties, such as suppliers of goods and services for the enterprise, which may have access to potentially sensitive resources
- Flexible architectures, able to make the perimeter ever more extensive and heterogeneous, constantly evolving, controllable
- Metrics to measure the efficiency of security systems
- Procedures for detecting violations and risk mitigation procedures, supported by suitable technological tools
How ZeraTech can help you:
We work together to create a culture of security in companies. How do we do it? We support and guide our customers in the design of solid and safe architectures, in the choice of the best performing technologies to support security procedures according to the specific context. We offer security assessment services to implement optimized prevention and monitoring solutions. We collaborate to define training courses to sensitize and empower employees on safety issues.