Does the news define your cyber security policy?


Recent incidents around cyber security have taught us a few things:

  • Stuxnet and its recent offspring called Duqu show how advanced modern cyber threats have become. Apparently, cyber threats can reach places where bombs can’t go, and do so unnoticed at first.
  • Incidents involving certificate authorities like Comodo and Diginotar have shown that these threats can break down the foundation on which trusted communication on the internet is built.

This shows there are highly motivated and well-funded ‘adversaries’ in the world who have the means to come up with solutions that are unstoppable: unstoppable by anti-virus and other malware protection solutions, and unstoppable by following today’s common practices in information security.

But all is not lost. I am not trying to create fear, uncertainty and doubt. The threats listed above were targeted at very specific and high profile victims. The average organisation does not have to protect itself against such advanced threats. But then again, which organisation is average? Every organisation has a risk profile, even if it is close to zero. And for any organisation, the potential damage of a cyber-security incident differs.

Cyber threats surfacing in the media may not be the kind your organisation needs to worry about (yet). Your organisation is unique and is best served by a unique combination of measures (mitigating controls, in jargon) that protects against relevant threats while taking acceptable risks. Organisations that take information security (and themselves) seriously should implement measures based on risk assessments, not the media.
