The cyber world is no longer a parallel universe, but an integral part of our society. Digital aspects affect the analog world, change our lives and create new demands, especially when focusing on the topic of security. To kick off our new cyber series, we’ll show you what cyber security means and why it’s so important.
What is it all about?
IT security has become one of the most important priorities in companies since the conversion of data processing to machines (EDP). It must guarantee the confidentiality of information, ensure the integrity of data and systems, and ensure their availability. Classical IT security therefore encompasses two dimensions: the data and information, and the systems with which they are collected, processed and stored.
By merging the analog and the digital world, IT security becomes cyber security. This means that with all-encompassing networking, we have added a new dimension to security. Conventional security concepts must be expanded accordingly and, in some cases, redesigned. Areas such as cloud, enterprise mobility and IoT enrich our working environment, but need to be integrated just as securely as previous IT systems.
Why is this so important?
The security concepts for the protection of information systems are no longer limited to well-defined physical spaces such as the headquarters of a company. Security concepts today must include the complete infrastructure, including mobile devices, the Internet of Things (IoT) and all systems and data in the cloud. Various developments have led to the evolution of security concepts. For one thing, our working environments have changed immensely over the past several years. Daily work tasks are no longer done exclusively in the office, but also in the home office, and are increasingly mobile. The ability to work remotely has already become an important selection criterion for younger employees. Anyone who does not offer or enable this as an employer is already at a disadvantage in the battle for young talent.
Remote work and a highly networked IT infrastructure are not just a matter of new working models; they also increasingly add value. In a previous blog post, I already told you that it took only a few hours until I was provisioned with a new laptop and all data. With an infrastructure not designed for such cases, a days-long outage would have been the inevitable consequence.
Last but not least, companies have to deal with the new EU Data Protection Regulation (GDPR), which has been in force since June 25, 2018. Any data that allows conclusions to be drawn about real people must be specially protected. Severe penalties are applied in the event of a cyberattack where personal data is accessible and privacy policies are violated.
What do you have to do now?
New impact areas such as cloud, mobile and IoT are becoming increasingly important for companies and their employees. While these areas offer new business models and job opportunities, they also demand integration into existing as well as new security concepts. Those who neglect this new dimension open the doors to cyber criminals. Incidentally, a complete rejection of cloud, mobile and IoT is not the solution. First and foremost, development in this direction will not be halted or reversed by an opposing attitude. And secondly, a renouncement quickly creates competitive disadvantages. But there is good news about the dangers: they are manageable!
If you have not already adapted your security concepts to the new conditions, you should immediately put them to the test. Not only should you include the IT that is in your building, but you should also think about data and systems that reside in the cloud or on mobile devices and edge systems. A first important step is a complete documentation of all physical and virtual IT components. Once all of these have been secured, you should adjust the internal compliance guidelines. During this step, you specify exactly which systems and cloud applications employees are allowed to use and who is responsible for releasing new services. With these two steps, you have already laid a good foundation for your cyber security strategy. The third step is an ongoing maintenance process. It consists of regular security updates and the installation of software updates. Ensuring that your employees know, understand and follow all the policies also eliminates many sources of danger and threats.
Why these risks are only minimized and not completely eliminated is explained in the next part of the series – Cyber Awareness.