It is time to enhance our security approach. I firmly believe this is not a problem of technology but of the security posture of a company and the attitude towards defending critical assets – in this case, money – with in-depth defence.
There are a number of technologies that, working together, can be effective and efficient in protecting against attacks. What is very much needed is a plan, a process and a systemic approach to security that considers the different phases of detection, identification, protection, eradication and recovery.
If we properly align the technologies we use in terms of privileged account management, next-generation firewall, log and event management, endpoint security and so on, and use the insights from correlating information from them all, we would have a comprehensive set of technologies working towards protecting and defending sensitive information.
This is not just about protecting money but also customer data, health records and billing information. We need to fight advanced persistent threats like Carbanak with advanced persistent security.
Cyber criminals are becoming incredibly advanced at using technology and we must also use technology and processes to defend ourselves and to ensure a successful attack does not mean a successful compromise.
Awareness and training is key. We need to work towards everyone in an organisation understanding the threats and the roles they play. Isaca’s Cybersecurity Nexus is helping address this by providing a holistic approach and resources for cyber security professionals at all levels of their careers.
Ramsés Gallego is international vice-president of Isaca and security evangelist at Dell Software
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK
This was first published in March 2015