David Faustino, Managing Director of Nexllence, addresses the issue of cybersecurity and how a cyberattack can have high financial and reputational costs for an organization.
How can concerns be addressed within an organization regarding potential leaks?
It is now known that leaks within organizations are overwhelmingly involuntary and unusual, caused by careless actions of users. By way of example, we have all already sent an email to the wrong person without any malicious intent; this e-mail may contain confidential information, which will thus be received by a person who should not have access to said information.
However, there are also leaks of intentional and pernicious information. Thus, the theme should be addressed in its various aspects: regular campaigns should be promoted to raise users’ awareness of this theme; a strict policy for managing access privileges to the organization’s resources should be implemented and operationalised; and finally, as the last line of defense, a Data Leak Prevention (DLP) solution should be implemented.
Do top leaders in companies and public authorities have digital literacy and realize the threats that can exist in an organization if they don’t invest in cybersecurity?
Top management in most medium and large companies and public bodies is now aware of existing threats and their impact on the business. We see three major difficulties for companies to further strengthen the cybersecurity of their business:
1. A partial view of what cybersecurity is, worrying only about part of the challenge;
2. The (false) feeling that the company is not large enough or interesting to be attacked;
3. Financial availability to implement a holistic cybersecurity plan. This being a management decision, we unfortunately see numerous cases in which the investment considered impossible is effectively made after a cyberattack, due to the consequent (and usually very significant) financial and reputational costs, by stopping the company’s activity and degradation of the image caused.
It is necessary to invest in IT infrastructures, processes, application component and data. What should be the starting point of the investment?
All companies have a current cybersecurity baseline. The most balanced perspective will be to work in parallel on two fronts:
a) in the short term, identifying the most serious cybersecurity vulnerabilities (through audits of penetration and vulnerability processes and tests) and resolving them if possible immediately;
b) in the medium-long term, creating a multi-year plan that schedules investment based on well-defined criteria such as criticality, cybersecurity literacy of company employees, business impact, business dynamics, compliance with prerequisites and/or regulations for more sophisticated initiatives and availability of investment.
More and more skills are needed to make an organisation as secure as possible. How can Nexllence help organizations?
Nexllence has unique characteristics in cybersecurity, since it has internally all the competencies of the four pillars of cybersecurity: experience in the development and evolution of applications, where we use frameworks such as security by design and DevSecOps, among others; great capacity in the implementation and operation of perimeter security infrastructures, in the cloud and the end user, based on an experience of more than 20 years in critical sectors such as banking, telecommunications or utilities; and through an in-depth knowledge of data, whether in their storage systems, backup, as in database management systems and identity management, in the context of physical data center or in the cloud. In the fourth pillar, the definition of security policies and processes, we also have important references, particularly in the health, retail and distribution sectors.
Source: Business IT