SOMETIMES DOING THE SIMPLE THINGS IS JUST…RIGHT?
Photo Courtesy: elpadawan
In an industry characterized by the ongoing advancement of technology, the idea of the simplest approach also being the right one is simply outrageous. I spend countless hours trying to understand the next big thing in cyber security and solutions to fix this big, massive problem that we are all facing, which is keeping our IT infrastructure secure and available.
As threats have increased in sophistication with advanced malicious attacks, so has the complexity of the responses from the industry. It is of course correct that we are facing much more complex threat actors that today have the capability to create specifically crafted malware.
At the same time, vendors have come up with solutions that focus on identifying this behaviour in close to real time- with an expensive price-tag attached to the “silver bullet that will solve all of your malware issues”. It is not that all these solutions are ineffective, but they are complex to integrate and even more complex to operate, meaning that customers will often challenge the on-going value.
At the same time, I also see several businesses that have simply forgotten the ABCs of security as a result of being blinded by the complex and expensive solutions pushed by vendors– backed of course by a strong marketing message that “this is the only right thing to do, and if you do not do it, then you will be the next target”.
I almost feel like a broken record when I now give my 5 simple yet fundamental principles that organizations need to invest in to better protect themselves. Put simply, these are:
- Don’t give your employees and end-users too many rights
- Always keep your systems patched and up to date
- Understand how you can get infected
- Understand where your risks are and invest accordingly
- Perform a penetration test and fix glaring vulnerabilities
I have been giving the same advice the last 10 years, and I will most likely give the same advice the next 10 years. However, every time someone really follows this advice, I know that one more organization will be less vulnerable.
In my next blog, I will dive further into each of these key tenants for security. I hope that you will join me as we work to increase the cyber security posture across the Middle East.
Nicolai Solling, CTO at Help AG