BT And KPMG Warn Companies Of E-Security Traps




In the wake of renewed deadly and high-level global ransom attacks such as WannaCry and Petya, BT and KPMG today launched a new e-security report that provides companies of all sizes with practical advice and best practices on how to manage and route their security journey and turn them into valuable opportunities .

The new report, “The Cyber ​​Security Journey – From Denial to Opportunity” warns of serious traps when dealing with the complexities of protecting digital initiatives. These include stumbling in stages of denial of service and anxiety on the one hand, and false confidence and harsh lessons on the other.

While investing in technology such as firewalls and anti-virus software is the best precautionary measure at the start of a security protection trip, companies believe companies should avoid over-wasting money on IT security products in anticipation of an unbalanced response, the report says.

This is especially true for companies that have gone beyond the phase of denial to the ongoing state of concern. Investing in the latest technologies is seen as the magic solution to this problem. This common misconception may not only make companies a target only for Internet criminals, but also for overly enthusiastic IT sales representatives.

Companies should first assess existing controls against best practices, such as NCSC directives, to help identify any gaps and prioritize the key areas for investment. Furthermore, everyone in the organization, from board members below, should take responsibility for maintaining the highest standards of e-security, while companies need to invest in training and awareness-raising among employees. This may help transform employees from being the weakest link in any security chain into one of the company’s most important assets in data protection efforts.

“The recent outbreak of ransom attacks on a global scale has shown the ability of less sophisticated attacks to spread globally at an amazing speed,” said Mark Hughes, chief executive of Security. Many companies could have avoided being victims of such attacks if they had maintained better standards of electronic protection and lay the groundwork for them. These global situations remind us that every company today – from the smallest individual trader to SMEs and multinational corporations – needs to meet these challenges by managing and controlling the security of its IT infrastructure, as well as its employees and operations. This report aims to help protect digital enterprise initiatives by accompanying companies on their journey towards electronic security.

“The latest wave of cyber attacks puts Internet risk at the top of the corporate agenda,” said David Verbresch, technical director of KPMG’s e-security practices unit. In other words, today’s business community needs to avoid unaccounted-for responses. E-security is a journey, not a solution for everyone, as well as laying the groundwork, such as installing security patches, making backups, and so on. It is also important to establish solid foundations for the company’s e-security culture and to raise awareness among employees, and to take into account that the task of security lies in empowering the company and not blocking its services.

Electronic threats are rapidly evolving, so companies are facing a society of violent criminal business professionals. To overcome these challenges will not be simply to rely on technology as a radical and decisive magic solution, but to involve the efforts of a society as a whole in a world where the boundaries of business fade away.

As innovators develop their skills to search for the weakest vulnerabilities to access the victim’s network, the next generation of CISO needs to think about digital risks and help companies capture the best business opportunities and build a flexible and robust electronic security platform.

Although e-security issues are increasingly discussed at the board level, the report points out that these discussions are very rare and treated as a separate issue and unrelated to broader operational risks. In many cases, the issue of cyber security is not included in the corporate comprehensive strategy.

The report also notes that the over-sophistication and complexity of the IT architecture could exacerbate security vulnerabilities. This is especially the case if it is very difficult to use the technology applied or in the absence of integration and integration of systems.

In order to address these risks and acquire outstanding e-security skills, the report calls on companies to focus on effective governance processes, proper and appropriate integration of technology, and consider outsourcing some of the less important security protection tasks to a trusted partner. Doing so, along with intelligence sharing, best practices and lessons learned with and outside peer networks, will allow companies to think about e-security in a different way. In other words, it will think of e-security not as risks that may be discussed by the board twice a year, but as business opportunities and a driving force for digital transformation.


In: A Technology & Gadgets Asked By: [22628 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »