Roger Woodend, Director: Media and Technology, BT
For technology companies, reputations are made by setting an aspirational example to customers and partners - particularly when it comes to security, because users must be able to trust unfamiliar innovations if they’re to use them.
The tech companies I talk to feel particularly vulnerable to the effects of cybercrime, exposed to not only the potential devastating impact an attack can have on their brand reputation, but also the long-term implications of losing valuable IP information. With the current pandemic already putting businesses under strain, and the sudden move to remote working fuelling an increase in cybercrime, tech businesses can’t afford to let their security slip.
Security: A core competency challenge
Despite the high stakes however, some technology organisations can feel reluctant to get help from partner organisations. I believe that one of the reasons for this is the fear that it doesn’t look professional to work with others on a core aspect of their organisation’s competency. This reluctance plays into the hands of cybercriminals, as companies working in isolation often have a siloed and incomplete view of the global threat landscape.
This isn’t the only area of vulnerability, either, as the high number of mergers and acquisitions within the sector can leave organisations exposed. Merging databases, remote sites and new networks into an already complex network landscape is a significant task, and new acquisitions can bring serious security threats to your data and operations. Each and every time a new company is added, it’s a substantial undertaking to assess the security implications of integrating those assets.
An independent point-of-view
It’s clear that the sector has significant security challenges, and many of the organisations I work with see ethical hacking as an essential part of their security strategy. It’s a proactive way to make sure your network isn’t left vulnerable when endpoints are added as your organisation expands and your supply chains grow. Pen-testing and securing the weaknesses before they can be exploited to give access to your network means you can transform your operations safely and securely.
To put this into context; one tech organisation that failed to do this effectively was attacked in late 2016. During the attack, hackers accessed the company’s cloud servers, downloading the records of 35 million customers and almost 4 million employees. The company faced significant fines in the UK and a $148 million US fine - and have had to fight back hard to regain user confidence.
As this example highlights, it’s vital you understand which are your most valuable assets and how secure they are. It’s also one of the key areas where you may want to consider security advisory services to help you get that independent point-of-view. To see the full picture, you’ll need to be stress-testing your network using as complete a range of global threats as possible.
This would need to cover emerging security issues and the latest criminal trends. If you were simply working with data that your organisation had gathered itself, you would not necessarily have a complete view. This level of oversight is particularly important during the current pandemic, as cybercrime is experiencing a significant spike in activity. As people transition to remote working, security vulnerabilities are increasingly being exposed and criminals are constantly devising innovative ways of exploiting these.
Why constant security monitoring is vital
Setting up and running a well-resourced security operation centre (SOC) with quality threat feeds that can continually monitor for threats is expensive. You need the location, network feeds, tier one and two personnel to address issues as and when they arise, and the capacity to proactively sift through significant amounts of data. Automated detection including Machine Learning and AI will most certainly play an important part in any future defence strategy.
Working with a security provider who has robust global 24/7 monitoring, is a smart choice if you’re serious about your security. Their ability to monitor huge flows of data all around the world and apply those learnings to your defences could make the difference between your cutting-edge content staying safe or being exposed. And you’ll want to find a partner who really understands your business needs - in the immediate sense during the current pandemic, as well as for a post COVID-19 future.