If for each of us the security of our online activity involves adopting some essential rules of cyber hygiene, in the case of companies this need is directly proportional to the substantial impact that any attacks may have on business level. We speak here not only about extraordinary financial losses, but also about the loss of sensitive information (from clients’ personal data, to classified information specific to the business), the interruption of activity, impact on the company's image, etc.
In this context, we can consider rhetorical the question "Why do I need cyber security?" – similar to "Why do you have a lock on the door of the house?". But as this continues to occur, we have to offer an answer – or point it again, starting from a simple syllogism.
If almost all businesses today have an IT component that stores and processes data (the activity of the vast majority of companies having a small or large IT infrastructure) and where there is a computer structure there is a cyber risk, then almost all businesses today are subject to cyber risks, breaches of computer security that can have major repercussions.
This risk assessment, this awareness of the risks and the need for security is the first step we can take in adopting a correct behavior from cyber security point of view. Subsequent investment in cyber security solutions is based on what you have to protect, namely the evaluation of the protected data, the cyber risks to which they may be exposed.
Beyond your own awareness, the need also arises from the area of legislative regulations – if you are not aware that you must protect, surely you have to comply with a regulation such as the GDRP Regulation or the NIS Directive, respectively Law no. 362/2018 of its transposition in Romania.
When we talk about cyber security, we must keep in mind that there are always four essential elements, regardless of the type of business, company profile or size of the IT network:
• awareness (data to be protected) – WHAT we protect;
• tools (antivirus, firewall, back-up software) – WITH WHAT we protect;
• the staff (people with know-how) – WITH WHOM we protect;
• processes – HOW we protect.
In terms of costs, only the awareness and the open-source tools are free, bearing in mind that the latter come with limitations such as the risk of stagnation at the given time. In addition, this gratuity in the case of the tools used to protect the data becomes irrelevant, as long as costs related to their operation or the qualified human resources necessary for configuration and operation appear. The limitations of the open-source tools are to some extent offset by the commercial ones, but in this case we must also realize that the knowledge of the specialists in the field is necessary, because not anyone can use them.
certSIGN offers to the small businesses (SMEs) in Romania the Cyber-In-a-Box solution, designed as a complement to cyber hygiene measures. Addressing network security (up to 100 devices), this solution consists of a series of tools needed to support basic cyber security processes:
• Asset Management – software to identify network elements and potential changes that occur in its configuration;
• Vulnerability Management – software to scan each asset separately to determine the degree of vulnerability in the face of potential attacks;
• Log management – log monitoring and management software.
Find out more on this topic from certSIGN specialists at Radio Guerrilla!
(invited Dan Ionuţ Grigore, Cyber Security Director certSIGN)