Cybersecurity requires a mindset that goes beyond just IT

Year after year, analysts and security solution providers point to the increasing number of cyber incidents. Taking no action is therefore not an option. “Start from the risk you are willing to accept and align your cybersecurity budget with that.”

It is important to note that in addition to more attacks, there is also more protection. “We clearly see an increase in the number of registered incidents,” says Paul Vanderborght, Managing Director of Cloud & Infrastructure Services at Capgemini Belgium. “But of course, there is also a lot that companies do not disclose. Still, it is good that hacks make the news. It increases awareness, even at the executive level.”

“CEOs and CFOs often make a good assessment of the risks,” believes Paul Vanderborght. “They are profiles with a network. They talk to colleagues from other companies and hear about where those other companies went wrong. But in practice, it is often the technological implementation that does not follow.” And therein lies the problem. “Security requires an end-to-end approach. So, while it’s good that the CEO correctly assesses the risks, it needs to be translated concretely throughout the entire company, down to the technical level.”

Recognizing the danger

This translation should not only focus on systems but especially on their users. Cybercriminals consider humans as the easiest access route to the company’s network. They continue to refine their attacks with phishing emails. What can a company do about it? “It starts with the technical aspect,” says Paul Vanderborght. “You have to pick up attacks via phishing and limit the damage. At the same time, awareness remains crucial. At Capgemini, we run an annual campaign where we teach our employees how to recognize malicious emails and links.”

“With cybersecurity, you start from the risk you are willing to accept. At the same time, that requires a mindset that goes beyond IT.”

– Paul Vanderborght, Managing Director of Cloud & Infrastructure Services at Capgemini Belgium.

At the same time, it is also necessary to focus on technology. One of the terms that security solution providers emphasize is zero trust. The basic principle of zero trust is that nothing or no one gains access to applications and data except after strict verification. “I see zero trust more as an additional way of security,” says Paul Vanderborght. “I am convinced that zero trust offers a good solution for certain specific domains. By applying zero trust to an administrator with many access rights, for example, you increase the level of security.”

Broader than IT

Support from an external specialist can help a company to take the necessary steps around cybersecurity more quickly. Because whether we like it or not, security remains an important focus for every organization until further notice. “Cybersecurity requires a mindset that goes beyond IT,” says Paul Vanderborght. “It is an end-to-end story. Every department of the company must be involved. Starting from the risk you are willing to accept remains a good starting point, among other things, to determine the budget.” This provides a foundation to build on, not only with technology that provides protection but also with initiatives and training to raise awareness of cyber security to a higher level.

This blog was originally published on the DataNews website in Dutch and French. Access the NL or FR version here.

Learn how Capgemini can help you make cybersecurity your catalyst for transformation.