+
EDITOR’S QUESTION
NICOLAI SOLLING,
CTO AT HELP AG
/////////////////
I
t is a unique way of looking
at the much-discussed topic
of cybersecurity and I believe
complacency is one of the major
elements causing the largest risk to
organisations. First there is a general
sense of ‘it will not happen to us’.
However, the last couple years in which
malware has been effectively targeting
organisations of all sizes and verticals
has resulted in this way of thinking
having to be changed rapidly.
Related to this is also the ill-fated logic
that ‘nothing has happened so far.’
Again, many organisations can no
longer say this.
Complacency can definitely lead to
security concerns. For instance, I think
there are many organisations that are
not even efficiently able to deliver on
even the most basic elements of good
security practices, yet they are either
not doing anything about it or are
not allocating the correct budget to
remediating the issues they face.
Hand on heart, how many organisations
can admit to actually looking at the
“
MOST EVENT
MANAGEMENT
TODAY IS
RE-ACTIVE
AT BEST AND
SOMETIMES NOT
EVEN EXISTENT.
www.intelligentcio.com
events taking place in their IT systems pro-
actively and trying to identify early indicators
of compromises? Most event management
today is re-active at best and sometimes not
even existent.
The second issue is vulnerabilities. Which
vulnerabilities are present and what is the
risk exposure they pose to your organisation?
You may have a vulnerability but the
configuration of your system or network
could mean that it is not critical. But do you
really know this? Managing vulnerabilities is
extremely difficult and can you determine
where you need to focus?
Finally, there are the solutions: How
efficiently do they deal with the issues in the
wild today?
Why is it that five years into the malware
problem we are still seeing one infection
after the other spreading via e-mails or links
that users are tricked into opening? Are we
perhaps doing something wrong or are the
solutions we are using not good enough?
Can we broadly bundle all these issues as
‘complacency’? Maybe. But it is also failure
to evaluate where your exposures are and
how you can best mitigate them.
INTELLIGENTCIO
35