Don’t settle for “good enough”
Many businesses have had to make sudden and significant IT infrastructure changes to enable mass remote working in response to COVID-19. This surge created security gaps in organisations’ security infrastructure, exposing businesses to potential threats stemmed from unsecured networks.
In addition, security policies and agreements with third parties regarding device security cannot always be enforced. Leaving businesses at potential risk of unsecured, malware-infected, and compromised devices connected to sensitive organisational resources.
For organisations that might not have the resources or tools to implement a strong cybersecurity strategy, it is worth exploring how a security vendor can support your security needs.
Here are five key considerations to help businesses better evaluate their cybersecurity strategy:
1. Don’t assume your security architecture is secure; it’s not always the case
Organisations that provide security understand their products must be secure. Unfortunately, this is not always the case. A security vulnerability can get baked into an application, if compromised, your security partner should act swiftly to resolve the issue. The quick distribution of a patch or effective alternatives is expected. In 2019, a state-backed hacking group exploited a previously unknown vulnerability within a security vendor’s system. It took a long time for these vulnerabilities to be patched, and two years later, there are still customers running vulnerable systems, leaving their organisations open to cyberattacks.
2. Choose vendors with the right track record
Your security vendor must have your back. They should be ready to take every action necessary to provide quality security efficiently. Working with a mature, credible security firm can mean the difference between staying consistently secure with proactive and rapid responses versus suffering from compromised systems. When it comes to high severity vulnerabilities, the security vendor you do business with can become a make-or-break situation to protect your organisation.
3. Make sure your systems aren’t critically exposed
The challenge facing organisations adopting a hybrid work model is securing remote access from any device, anywhere at all times. Businesses have moved from protecting a traditional on-site network to multiple endpoints, devices, apps and even emails. For companies that require complete protection, it is worth exploring a unified solution that can easily scale with you.
The bottom line for businesses is: do not leave any stone unturned when it comes to securing your IT infrastructure.
4. Assess Overall Security
Generally, security vendors should develop secure products overall and show seriousness in both the number of security vulnerabilities they have and the time it takes to patch, regardless of severity. Check Point provides the Infinity architecture that encompasses more than 60 security services and provides services for more than 50 types of assets. Experts can respond to requests in real-time or in under 24 hours.
5. Be ready to protect against sophisticated attacks
Historically, we’ve seen an increase in attacks like Wannacry and NotPetya and more breaches in organisations like HBO, Equifax and Uber. This pattern tells us that almost every new innovative service loses ground to a “good enough” competitor. Therefore, investing in “good enough” security isn’t enough. In fact, it’s a a dangerous mindset for businesses to be in. To overcome this mindset, companies need to ask these hard questions when evaluating their cybersecurity strategy:
- Can I afford the risk with “good enough” security?
- What are the risks specific to my organisation?
- Am I doing everything possible to secure my organisation and customers, or have I settled for “good enough”?
- What exactly am I getting with my security investments?
By taking a proactive approach to cybersecurity, businesses can close the security gap and protect their IT infrastructure against sophisticated attacks and potential threats.
Gary Gardiner is Head of Security Engineering, Asia Pacific & Japan, Check Point Software.