In recent years, cyber threats have increased exponentially and now affect all countries. They target states as well as their institutions, public figures, companies and populations. Some simple and effective recommendations could be helpful.
In this year, the threat is real. For this reason, many governments in the world asked about a detailed report on the threats of cyber attacks, in order to avoid any interference. A request shows that there are simple and proven prevention means to prevent security breaches; A recent report by the Department of Homeland Security (DHS), confirms that these methods would counter up to 85% of current cyber attacks. Unfortunately, the theory remains stronger than practice...
"Common Sense" in action
If these recommendations are still not adopted by companies, it is because they are perhaps too time-consuming, costly or even difficult to put in place. Yet organizations today have tools to apply updates on applications and operating systems, antivirus and firewall setup, and restricted administrator access, for example. They are also able to go further by implementing segmentation at the network level and by providing lists of secure applications that can be used by their employees.
In practical terms, this advice is largely common sense, and is available to every organization with a cybersecurity strategy in place. However, just as overinformation makes the confusing message, the proliferation of advice and security solutions tends to blur the recommendations. Thus, while many companies are still unaware of the best security practices, others simply choose not to use them. While there is a general outrage over attacks from government sources, the inability of some structures to solve basic security problems should arouse the same reactions. Far from stopping at the doors of the political sphere, these problems also extend to the public and private sectors.
Chronic inability to protect themselves? Not sure.
Questions need to be asked: why do these behaviors persist? Is it because of lack of awareness? Many of these recommendations have been put forward for years. But not a week passes without state-owned companies, major global banks, retailers and technology companies falling prey to elementary attacks, such as phishing. It is also not the fault of a lack of budget and investment, according to IDC, organizations are expected to spend $ 101.6 billion on software, services and security equipment by 2020. Other estimates even higher amounts.
Finally, these failures on the part of each sector to apply a strategy of cybersecurity considered as rudimentary establishes and tends to perpetuate a climate of general insecurity for all the actors of the society. It seems that the entire ecosystem - from politicians to the state, through the media, security providers and companies - talks about security, but has difficulties in making it a reality. As a result, the same flaws and problems persist and, despite the warnings, very few measures are actually being taken to address these vulnerabilities that are the delight of our geopolitical enemies and anyone who wants to take advantage of them. While the foundations of security are hammered and often mistakenly perceived by most victims of cyber attacks, it is perhaps the approach and the way in which it is addressed that are the source of the problem. Indeed, if the message is good but it does not pass, should not it be possible to envisage by modifying the way it is transmitted?
No comments:
Post a Comment