Does the news define your cyber security policy?


Recent incidents around cyber security have taught us a few things:

  • Stuxnet and its recent offspring called Duqu show how advanced modern cyber threats have become. Apparently, cyber threats can reach places where bombs can’t go, and do so unnoticed at first.
  • Incidents involving certificate authorities like Comodo and Diginotar have shown that these threats can break down the foundation on which trusted communication on the internet is built.

This shows there are highly motivated and well-funded ‘adversaries’ in the world who have the means to come up with solutions that are unstoppable. Unstoppable by anti-virus and other malware protection solutions, unstoppable by following today’s common practices in information security.

But all is not lost. I am not trying to create fear, uncertainty and doubt. The threats listed above were targeted at very specific and high profile victims. The average organisation does not have to protect itself against such advanced threats. But then again, which organisation is average? Every organisation has a risk profile, even if it is close to zero. And for any organisation, the potential damage of a cyber-security incident differs.

Cyber threats surfacing in the media may not be the kind your organisation needs to worry about (yet). Your organisation is unique and is best served by a unique combination of measures (‘mitigating controls’ in the jargon) to protect against relevant threats and take acceptable risks. Organisations that take information security (and themselves) seriously should implement measures based on risk assessments, not the media.
