Risk and security are two of the most often debated topics in IT in terms of the smooth and effective running of any organisation. Following our research campaign into the subject, we have been busy collecting the views of our partner community, gathering perspectives from across the market on all things security.
Here is Andrew Tang, Service Director of Security at MTI, a global provider of IT & security solutions and VMware partner, to share his views and explain how IT departments can make sure the board is listening…
Although used as a plot device for countless Hollywood movies – from Swordfish to Die Hard 4 – it is only more recently that cyber security breaches have become a significant talking point for businesses, especially when it is their reputation, IP and competitiveness that is at risk. Due to the misfortune of security breaches at brands such as TalkTalk, Sony and Ashley Madison, business decision makers are beginning to look to cyber security, not simply as an IT afterthought but as an important investment.
And it’s about time. Cyber security has never been so crucial.
The landscape is changing, with organisations becoming more open in how they manage data and IT services. This has caused difficulty for the tech community, and many IT departments are struggling to balance the demands of employee mobility with traditional security methods.
At the same time, we are seeing numerous specialised players popping up with new fixes for niche problems. However, these incremental tactics are proving ineffective – like trying to fix a broken leg by covering it in sticking plasters – and organisations are crying out for a holistic solution that can go beyond the perimeter defence and siloed data. This is where VMware NSX comes in.
However, technology is only half the story. Effective cyber security will always be limited if the end-users continue to let threats in through the back-door. Phishing scams and Trojan viruses often get their entrance through employee mistakes. It’s vital that everyone – from the CEO to the receptionist – is clear on the organisation’s security policies. And while all employees should have a basic understanding of cyber security, training can’t simply be a one-size-fits-all lecture. The board will be targeted in different ways than other roles in the business, so training should be bespoke and appropriately suited to the day-to-day risks employees can expect.
Ultimately, we advise customers to ask three critical questions to tackle the insider threat:
Where is your data?
Data is crucial, it is the lifeblood of your organisation. Keeping track of it means that you are best placed to protect it.
Who can access it?
This is just as much about who should access data, as who should not. To this end, MTI has a dedicated department of fully qualified Penetration Testers – also known as white hat/ethical hackers – who can test your infrastructure to identify weak points and ensure that your data is only seen by those with the right permissions.
How is it protected?
What safeguards do you have in place? Is this enough? Cyber attacks, especially using ransomware, have increased exponentially in recent years and its now a case of when – not if – an attack will occur. Have you secured all endpoints?
It might seem paranoid, but when it comes to cyber security paranoia is good! It’s vital that businesses are able to ask these questions. It is only when you can answer them that you know your organisation is once again safe. Additionally, putting into place solutions such as VMware NSX can help mitigate the inevitable insider threat. Thanks to microsegmentation even if an employee mistakenly clicks on a malware link the threat can be locked down and dealt with, instead of compromising the entire system. Although nothing is as effective as eradicating poor employee behaviours – after all, an ounce of prevention is worth a pound of cure – NSX offers a backstop in case something does go wrong. And the more checks and balances in place, the better.