6 Jul 2020

How to face cyber security

Cybersecurity, or better information security, cannot be considered only a matter of technology; it should be approached organization-wide.

According to the latest research by Accenture Security, the average cost of a cyber incident (information theft, production downtime, etc.) is around 13 million dollars.
Modern threats are so complex that they involve aspects other than technology.

A proper strategy should take into account:
· Business processes
· Human factor
· Audit and monitoring
· Technology

Let's see how.


Information security should be treated like any other security issue.
A lot of incidents could be avoided if the company had an information security emergency plan and procedures in place.

Just think about BEC (Business Email Compromise) and rogue wire transfers to offshore accounts: defining simple procedures for the approval and verification of payment information can avoid huge losses.
Moreover, a company is expected to have an incident response plan in order to implement the best course of action and minimize damage.
The organization must also provide proper collaboration tools to its users in order to ensure an adequate level of security. Otherwise, especially when remote working is required, users may start using personal file-sharing tools (such as WeTransfer, personal Dropbox, etc.) outside IT control, exposing the whole company to the risk of a data breach.


According to CLUSIT, 20% of attacks exploit human trust and weakness. "Human vulnerabilities" can be exploited either in a stand-alone attack or as the first vector of a more complex attack.
In the latter scenario, social engineering and phishing represent almost 60% of initial vectors.

Since technology alone is not enough to stop these threats, companies should work to raise the cyberthreat awareness of their employees so that they can tell a fraudulent message from a legitimate one.
Information security awareness must be continuous and should reflect real-world threats. The best approach mixes theoretical lessons, to learn the basics of cyber security, with real-world simulations, to test users and prepare them to recognize threats in their daily work.


According to the latest research, companies take on average 200 days to detect a cyber-attack, meaning they discover the attack when it is already too late. Early detection of an attack is essential to reduce losses.

How can this be achieved? Companies should work on two fronts. First, they should reduce their attack surface, in order to decrease the probability of an attack and to simplify monitoring of the infrastructure. Second, they should monitor the infrastructure to detect any possible sign of an attack.
To reduce the attack surface, organizations should plan constant updates of their software and solutions in order to fix known vulnerabilities. At the same time, they should define periodic assessments (such as penetration tests) to verify the security level of their systems and start a process of continuous improvement.
Effective infrastructure monitoring requires the aggregation and correlation of events from different sources (domain controllers, UTM appliances, endpoint security software, groupware solutions, etc.) to identify the behaviour of possible intruders. However, a monitoring solution alone is not enough: the organization also needs people able to read and understand the alerts it generates.
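As an added example that is not part of the original article, the following Python snippet sketches the kind of cross-source correlation described above: a burst of failed logons on the domain controller, then a success, then a mailbox forwarding rule in the groupware log. Each event is unremarkable within its own source but becomes one alert when joined by user and time. The event records, source names and thresholds are constructed here for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, normalized from several sources into one shape:
# (ISO timestamp, source, user, event). Not taken from any real log.
EVENTS = [
    ("2020-07-06T08:00:01", "dc", "alice", "logon_failed"),
    ("2020-07-06T08:00:03", "dc", "alice", "logon_failed"),
    ("2020-07-06T08:00:04", "dc", "alice", "logon_failed"),
    ("2020-07-06T08:00:05", "dc", "alice", "logon_failed"),
    ("2020-07-06T08:00:09", "dc", "alice", "logon_success"),
    ("2020-07-06T08:03:30", "groupware", "alice", "mailbox_forwarding_rule_created"),
    ("2020-07-06T09:15:00", "dc", "bob", "logon_failed"),      # one typo, benign
    ("2020-07-06T09:15:20", "dc", "bob", "logon_success"),
    ("2020-07-06T10:00:00", "utm", "carol", "vpn_connect"),    # no DC context
]

FAILED_THRESHOLD = 3          # failed logons that count as a burst (assumed value)
WINDOW = timedelta(minutes=10)  # how far back/forward to look around the success


def correlate(events, threshold=FAILED_THRESHOLD, window=WINDOW):
    """Return alerts for users whose DC failed-logon burst is followed, within
    `window`, by a successful logon and then an action seen by a non-DC source."""
    by_user = defaultdict(list)
    for ts, source, user, event in sorted(events):  # sort by timestamp string
        by_user[user].append((datetime.fromisoformat(ts), source, event))

    alerts = []
    for user, evs in by_user.items():
        for i, (t, src, ev) in enumerate(evs):
            if src != "dc" or ev != "logon_success":
                continue
            # Failed DC logons shortly before the success: the burst.
            fails = [e for e in evs[:i]
                     if e[1] == "dc" and e[2] == "logon_failed" and t - e[0] <= window]
            # Anything another source saw shortly after: the follow-up activity.
            follow = [e for e in evs[i + 1:] if e[1] != "dc" and e[0] - t <= window]
            if len(fails) >= threshold and follow:
                alerts.append({"user": user, "when": t.isoformat(),
                               "failed_logons": len(fails),
                               "followed_by": [f"{s}:{e}" for _, s, e in follow]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Only alice's sequence produces an alert; bob's single mistyped password and carol's VPN session without domain-controller context stay silent, which is the noise reduction an analyst reading the output needs.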


Finally, technology comes into play, and this is usually the aspect on which companies focus most. In fact, companies often already own the solutions needed to harden their infrastructure and only need to enable them.
Just think about MFA (Multi-Factor Authentication) and conditional access, which are included in all the main collaboration suites. Consider also endpoint security software with some features disabled to improve performance or because of an obsolete OS (remember what we said about updates?).
In addition, as smart working is increasingly popular and widespread, organizations should also focus on device management (through MDM/MAM solutions) and secure VPN access.
