3 Security Tips for CISOs in 2018

F-Secure experts say companies should focus on educating people and getting the basics right when looking at improving their cyber security.

Author: Taija
Date: 29.01.2018

People make the difference

 

When discussing the most impactful cyber security measures with Tomi Tuominen, Practice Leader for Technical Security Consultancy and Cyber Intelligence in F-Secure’s Cyber Security Services, he points out three things:

  • Invest in good people
  • Invest in good people
  • Invest in good people

According to Marvin Jackson, F-Secure’s Technical Capability Manager, educating users and allowing admin staff more time for training and certifications are also key elements. Human error is the common element in many successful cyber attacks. Therefore, increasing security awareness among employees should be a top priority.

 

Stick to the basics

 

Companies often look for silver bullets when they should be focusing on the essentials of cyber security. Basic practices such as patch management, rapid incident response, good backup processes and network segmentation are time-consuming and take a lot of effort. Tuomo Makkonen, Principal Security Consultant in F-Secure’s Cyber Security Services, advises CISOs:

Stick to the basics. No need to get sophisticated before you have decent preventative, detective and responsive controls, procedures and practices in place. Usually the money invested in fancy next-generation kit is better spent ensuring that you’re utilizing what you already have as efficiently as possible.

The recommendation from our Senior Security Consultant, Antti Laatikainen, is exactly the same:

Old school IT has not gone anywhere. There are clouds and containers, latest micro-services and whatnot. But there’s also patching, service hardening, firewalls, network segmentation and intrusion detection.

Still, what do we see most often? Huge flat networks, legacy servers running in production, unpatched systems and attack surfaces the size of a football field. I love all the new and shiny stuff, but this is a serious lesson for all of us – you have to take care of the foundation to be able to build a stable house. That’s just the way it is.

 

Think holistically

 

Cyber security must be treated as a never-ending process of continuous development, one that takes a holistic approach to predicting, preventing, detecting and responding to attacks, and that supports businesses in meeting their evolving strategic goals. As Marvin Jackson points out: “Think not just ‘that one thing’ but holistically, how to improve the company security.”

“If you haven’t verified or tested a process, you are basing yourself on assumptions. And we all know what assumptions do to people,” says Tom Van de Wiele, F-Secure’s Principal Security Consultant and red teaming professional. Tom encourages companies to take an honest look at their current situation:

Find out and understand what data is valuable to protect, and start with a gap analysis of where you are and where you want to be. Boost your monitoring capabilities as part of your defensive strategy. Understand the attacks that are out there. All the rest will follow.

Breaches happen, and will continue to happen as long as cyber security is considered a one-off task. The advice from our experts for improving your cyber security this year is: focus on the holistic approach to effectively predict, prevent, detect and respond to attacks, educate your users continuously and take care of the basics. No silver bullets, just hard work. And remember, you can always get help from experts like Tom Van de Wiele:

Ask yourself the hard questions before anyone else does, and do not be afraid of the answers. This stuff isn’t easy. But that is why we do it.
