In the wake of last year’s surge of debilitating ransomware attacks, many businesses are investing heavily in cybersecurity technology, with Gartner predicting that worldwide security spending will reach unprecedented highs at an estimated $96-billion this year alone.
However, according to Edward Carbutt, executive director at Marval Africa, technology is only one of the components that make up a strong defence against cyberattack.
“Even with the right technology in place, organisations are still vulnerable to attack, and should protect themselves in other areas, too,” says Carbutt. “For optimal cybersecurity, organisations can look towards addressing five key elements: people, processes, technology, change and culture.”
People, processes and technology have long been the cornerstones of Information Technology Infrastructure Library (ITIL) frameworks, often referred to as the “golden triangle” for successful project implementations and change management. Carbutt says that the ability to implement change and an organisation’s culture are just as critical to security and play an important role in today’s rapidly evolving digital world.
People
“People form the basis of any organisation. How they interact with customers, each other and the technology they use is important for business success,” says Carbutt. “In many instances, cyber-attacks and security breaches arise because of human error or interaction. Whether a user downloaded a file containing malware or accessed and unwittingly shared data that they were not authorised to, data can be disseminated and infiltrated through sheer lack of knowledge of security principles.”
Carbutt stresses the importance of not only providing an organisation’s people with clear cut policies on security protocols, but that it be enforced through frequent training, knowledge sharing and updates about those policies. Training should be part of any plan for security, risk management, business continuity and compliance. Knowledge sharing in the form of frequent reminders, updates on new malware and safety tips are great way to reinforce training and policies, Carbutt says.
“People who are aware of what security risks are out there, and how they are able to protect themselves from those risks are better equipped to prevent cyber-attacks through accidental or unwitting actions.
Processes
A fundamental element of success, according to ITIL, is not only having the right processes in place, but ensuring they are adhered to.
“When organisations establish and reinforce processes for every action, things are done properly according to the prescribed steps,” Carbutt states. “In security, if every member of a business follows the approved processes for securing, accessing and sharing data based on the parameters laid out for that type of data, the window for a security breach closes considerably. As soon as there are deviations, there is room for errors to be made.”
Technology
Carbutt reminds us that we are living in a technology driven world and cybercriminals are developing smarter technologies to carry out attacks every day. To combat cybercrime, organisations needs to stay a step ahead, and this means investing in the right security technology.
It’s about more than just having the right firewalls and malware protection in place, says Carbutt and continues, “By automating tasks and software updates, not only do we save time, but we also make sure that no critical task is forgotten or ignored, therefore compromising safety. Feature-rich tools, like IT Service Management Software, help identify potential risks, recognise security alerts, prioritise tasks and escalate incidents to the team experts easily and quickly. Risk and incident management becomes far more effective and businesses are then capable of responding faster to threats.”
Change
Continual improvement forms the basis of ITIL. According to Carbutt, businesses should to be prepared to refresh and update their systems, processes, policies and security often, to keep apace of changing security demands.
“Organisations who are dependent on dated technology – or who do not even know what technology they have in their businesses – are at risk of cybercrime. Organisations who rely on processes and policies which are designed around old cybercriminal behaviour are at risk of cybercrime. Updating infrastructure, policies and processes keeps everything current while minimising complexity and eliminating potential blind spots,” says Carbutt.
Culture
Maintaining a safe business environment is the responsibility off every member of the organisation, from senior management to end user.
“Where a culture of safe, secure practices is engendered, and security is prioritised, the other elements – people, processes, technology and changes – will automatically follow,” concludes Carbutt.