Secure your information security management
December 22, 2017 – Information security management is one of the most challenging topics companies are facing today. It is not easy to set up a proper IT infrastructure or maintain the existing IT landscape to protect your information assets and reputation against the risks of Cybercrime. At the latest the WannaCry attack was a wake-up call for those who were dozing and not paying sufficient attention to this topic. Moreover, it is difficult to hire knowledgeable people because of the lack of qualified professionals in the market.
With the entry into force of the GDPR (the EU General Data Protection Regulation) in May next year the situation will not get any better. The near-future obligation to implement and document technical and organizational measures to protect your personal data assets, coupled to severe penalties for violations, will increase the need for investments and expertise.
There is no time to lose for companies to develop and employ strategies to handle the increasing complexity of information security management. To cover the technical part of cyber security you need knowledge in endpoint protection, remote access control, and firewalls (to name some of the mandatory tools), but nowadays the main entry point for attacks are stolen user names and passwords. Cyber criminals today don´t hack your network; they just login.
That is why education of employees plays a crucial role in your strategy. We recommend attending expert seminars and applying a train-the-trainer approach to grow a substantial internal knowledge base and raise awareness. Building up in-house competence in information security management enables companies to attract young talents and train them in roles like IT Security Analyst, Security Architect and Data Protection Officer. In the medium term, this might be the best way to cope with higher regulatory demands and criminal threat, and to resolve the current shortage of qualified specialists.
Author: Andreas Wolf is Partner at Avoras AG, Technology & People.