Does the news define your cyber security policy?


Recent incidents around cyber security have taught us a few things:

  • Stuxnet and its recent offspring called Duqu show how advanced modern cyber threats have become. Apparently, cyber threats can reach places where bombs can’t go, and do so unnoticed at first.
  • Incidents involving certificate authorities like Comodo and Diginotar have shown that these threats can break down the foundation on which trusted communication on the internet is built.

This shows there are highly motivated and well-funded ‘adversaries’ in the world who have the means to come up with solutions that are unstoppable. Unstoppable by anti-virus and other malware protection solutions, unstoppable by following today’s common practices in information security.

But all is not lost. I am not trying to create fear, uncertainty and doubt. The threats listed above were targeted at very specific and high-profile victims. The average organisation does not have to protect itself against such advanced threats. But then again, which organisation is average? Every organisation has a risk profile, even if it is close to zero. And for any organisation, the potential damage of a cyber security incident differs.

Cyber threats surfacing in the media may not be the kind your organisation needs to worry about (yet). Your organisation is unique and is best served by a unique combination of measures (mitigating controls, in the jargon) that protect against relevant threats while taking acceptable risks. Organisations that take information security (and themselves) seriously should implement measures based on risk assessments, not the media.
