Why IT managers need to prove security is above board

Security is likely to be a focus for most organisations this year. Organisations can no longer afford to risk the financial and reputational impacts of a breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.

The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, the number of targeted email attacks is increasing: cyber criminals spend time monitoring communications so they can craft imitation emails so sophisticated that even relatively savvy users will open them.

This means we are seeing an increase in compliance audits so that IT managers have something tangible to show senior management and boards.

An ISO audit, for example, can demonstrate that an organisation has the right policies, educated staff and the right security technology, and that it can enforce those policies or report on people who are breaking them.

The IT policy is a critical component of an organisation’s security strategy. This is particularly important in light of new technologies such as the Internet of Things; IT managers must implement security policies before these devices are allowed to connect to the network and access data.

IT managers need to have policies regarding which devices can connect, when they can connect, and how staff members can get approval to connect devices. In the past, organisations did not look at security with the same diligence as they do now. As a result, there are ad hoc policies and/or technology across the organisation, potentially creating a security risk.

Furthermore, organisations haven’t implemented the right policies from the start, before taking on new technology. When under scrutiny, it can be tempting to just take on more technology, but this doesn’t necessarily address the problem and can create a mix of technology that follows different standards. This can create a hole in the environment.

To ensure they can prove their security measures are adequate, IT managers should conduct an audit to see where security is lacking and then invest to update any technology as appropriate to enforce these policies.

Once this is in place, it is important for IT managers to continually conduct audits to find issues, improve and remediate.

Mark Blower, national business manager – Networks & Security, Empired