Information Security Is More Than Firewalls and Antivirus – Organisational Commitment Is Key
The more digital a company's business becomes, the higher the risk posed by cyber threats. Like any other threat, cyber threats are mostly a case of preparing and predicting.
The more digital a company's business becomes, the higher the risk posed by cyber threats. How much business can be moved online or within reach of the internet, if this exposes your business to completely new vulnerabilities?
Petri Kairinen, CEO of information security consulting company Nixu, sees it as a balance between risk management and new technology:
"In theory, you can protect yourself from cyber threats completely, but only if you are willing to give up the opportunities of digitalisation. This is not viable in practice, so it comes down to choosing your level of risk: what do you want to protect against, how do you prepare, and what measures should you take."
Preparation works against cyber threats
Like any other threat, cyber threats are mostly a case of preparing and predicting. No protection is perfect, so that leaves detection and reaction: when something does happen, the company must have the appropriate measures prepared and ready for quick deployment. Due to the broad nature of cybersecurity, it cannot be the responsibility of just one part of the company.
"The chain must account for human behaviour, processes and subcontracting chains." Information security is more than firewalls and antivirus protection. Even so, a deeper understanding of that technology is also required," says Kairinen, describing the comprehensive approach to security.
From theft protection to protecting digital business
The last ten years have seen a marked increase in the understanding companies have of information security. It was previously seen as something very tangible, such as protecting customer databases from theft. Nowadays, the emphasis is more on protecting the whole business, and the digital elements in particular.
"Technical experts have understood the importance of information security for a while, and as business operations become digital, management is becoming interested as well. The financial consequences are in a whole different category than what they were a decade ago," comments Kairinen on the change in attitude.
The entire organisation must commit to information security
Information security is a challenge for companies: Hackers only need a single weak point to access the system. After that, protection measures may fall like dominoes. The initial weak point could be an information system, but also an internal practice or even an individual employee. This is the reason the whole organisation must contribute to cybersecurity, and not just the technical experts or hardware.
Even so, Kairinen wishes to reassure:
"Our company thinks about this every day, of course. But one should not worry about it too much. If you have a good plan and the motivation to carry it out, then information security is just another task."
The future may offer relief in the form of artificial intelligence. Advanced algorithms can help detect attacks more effectively and more quickly.
"Our industry is in constant motion with new evils lurking around the corner and old protection becoming obsolete. You simply find new ways to adapt," says Kairinen, referring to the endless game of cat and mouse played by cyber criminals and cybersecurity companies.