Nowadays, the need to implement measures securing the enterprise against cyber-attacks is obvious. Ransomware attacks, data theft, disk encryption, and theft of computing power to generate cryptocurrencies are just some examples of the threats that a modern organization has to face. The problem concerns practically everyone: large and small representatives of industry, the financial sector, services, government and administration units. Many projects aimed at increasing the effectiveness of IT infrastructure security were started only after a successful attack had completely paralyzed the contracting authority's operations.

The market is full of technical solutions designed to provide protection against attacks coming from cyberspace. Securing IT systems often comes down to the implementation of products that are supposed to be a panacea for all problems. Unfortunately, it turns out that failing to take into account the functional limitations of security mechanisms, together with a lack of proper management of them, means that the level of security of IT systems increases only slightly at best. A frequently observed case has become something of an anecdote: filtering mechanisms for network connections configured in such a way that these connections are not filtered at all, which of course does not increase the level of protection against attacks in any way, but can be a significant budget expense.

Experience shows that the necessary element for ensuring effective protection against cyber threats is the implementation of IT security management processes. When these processes function properly, they make it possible not only to quickly detect a threat and react to it, but above all to prevent a situation in which an attempted attack on the organization could succeed. This includes managing software so that it contains no security vulnerabilities, and implementing changes to IT systems in a way that takes into account the requirements of protection against cyber-attacks. It also includes processes for ensuring the secure operation of systems by users, such as access management based on the principle of minimum permissions, and conducting training and awareness-raising activities (e.g. social engineering tests that simulate, for example, sending e-mails containing viruses). Managing the user side of cybersecurity is important, as users are perhaps the most common target of attack.

The implementation of cybersecurity management processes should be formalized and structured. The reference points are the standards regulating information security and IT security management, for instance ISO/IEC 27001. Such an approach will ensure that the level of risk in the area of cybersecurity is controlled and maintained at a level acceptable to the organization.


Adam Gałach, President of the Management Board, Galach Consulting Sp. z o.o.