Does the news define your cyber security policy?

Recent incidents around cyber security have taught us a few things:

  • Stuxnet and its recent offspring called Duqu show how advanced modern cyber threats have become. Apparently, cyber threats can reach places where bombs can’t go, and do so unnoticed at first.
  • Incidents involving certificate authorities like Comodo and DigiNotar have shown that these threats can break down the foundation on which trusted communication on the internet is built.

This shows there are highly motivated and well-funded ‘adversaries’ in the world who have the means to come up with solutions that are unstoppable. Unstoppable by anti-virus and other malware protection solutions, unstoppable by following today’s common practices in information security.

But all is not lost. I am not trying to create fear, uncertainty and doubt. The threats listed above were targeted at very specific and high-profile victims. The average organisation does not have to protect itself against such advanced threats. But then again, which organisation is average? Every organisation has a risk profile, even if it is close to zero. And for any organisation, the potential damage of a cyber-security incident differs.

Cyber threats surfacing in the media may not be the kind your organisation needs to worry about (yet). Your organisation is unique and is best served by a unique combination of measures (mitigating controls, in jargon) that protect against relevant threats while accepting tolerable risks. Organisations that take information security (and themselves) seriously should implement measures based on risk assessments, not the media.
