A large-scale attack is not only a cost issue; it also affects a company’s entire information management, not to mention its reputation and trust. But how should companies think, and what investments in staff, procedures and IT infrastructure should be made to protect against breaches?
Tackle security risks – distribute knowledge
Companies can plug their gaps by working strategically and systematically and building a high level of information security and cybersecurity. But of course, this cannot be resolved in a coffee break: it requires commitment and continuous skills development, not just from the IT department and senior management, but from the whole company. A lack of security could mean that one click causes information to disappear or allows attackers to access companies’ systems.
Information security – preventive efforts
ISO 27000 provides a generally accepted definition, stating that information security involves protecting the confidentiality, accuracy and availability of information. In simple terms, it involves preventing company information from being leaked, distorted or destroyed, but also ensuring that the right information is available to the right people at the right time.
Information security also covers all data, regardless of its form, and comprises both administrative and technical measures. Administrative measures may include laws, procedures for authorisation and training initiatives, for example, while technical measures are technologies such as those for login, firewalls or physical control.
Cybersecurity – the digital frontline
Cybersecurity involves building security protection against external digital threats. Security measures must protect networks and systems, users and third parties. ISO/IEC TS 27100:2020 defines cybersecurity as “safeguarding of people, society, organizations and nations from cyber risks”.
When a company is subject to a cyberattack, attackers manage to get past the defences and hijack, alter or destroy sensitive information. Companies are often asked to pay large ransoms in order to regain control. The European Union Agency for Cybersecurity (ENISA) conducted a survey in 2019–2020 showing that the most common cyber threats were ransomware, malware, cryptojacking, phishing and identity theft.
At WISER, we offer courses to help organisations build their security protection and secure their information so that there are no leaks and it is available to the right people at the right time. The courses will be aimed in particular at people who are currently working on this type of issue and who want to enhance their knowledge and/or broaden their expertise.