Why you better secure your IT
Published on 12/12/2019 in Inspire
As a company, you cannot avoid comprehensive IT security. If it’s not to keep hackers at bay, it’s to come successfully through a security audit. Cybercrime and new legislation are guiding the need for security.
For companies aiming to survive in the long term, digitalization is no longer an option, because there are major implications. “The use of mobile devices is assuming an increasingly major role here,” says Christophe Crous, Head of Security and Service Intelligence at Proximus.
Have your entire IT environment secured and maintained 24/7. Download the e-book Managed Security and Intelligence Services.
Watch the video about security.
“What’s more, companies connect their applications to the processes of other organizations, etc.” The consequence? The IT infrastructure looks far different today than it did some three or five years ago. “This has significant consequences for security management,” Christophe says. “The attack surface has grown enormously. In short: companies are exposed to far more cyber danger than before.”
Audits for GDPR and NIS
At the same time, the law also imposes requirements on digitalization. Just think of GDPR, which obliges companies to deal carefully with privacy-sensitive data, or the NIS directive for network and information security. “So if you haven’t been hacked yet, you’ll be audited in any case,” says Christophe.
“As a company, you really can’t get round security.” However, the new circumstances call for a different approach. The traditional security perimeter is no longer enough. “In many cases, companies don’t have their own datacenter anymore. Data are kept in the cloud and provide fuel for applications that run at business partners – and you, as a company, often don’t know in detail how seriously they take their IT security.”
As a company, you have to determine what IT risk you may, can and want to accept, and what it may cost to maintain that risk profile.
Christophe Crous, Head of Security & Service Intelligence at Proximus
This means that now more than ever, security is a balancing act. It’s about striking the right balance between innovation – for example via cooperation with disruptive start-ups – and your own, trusted IT security. “Security these days is primarily an exercise in risk management,” said Christophe. “As a company, you have to determine what IT risk you may, can and want to accept, and what it may cost to maintain that risk profile.”
An added difficulty is that hackers, too, have access to all the new technology. “They too work in the cloud, with IoT, with artificial intelligence and machine learning.” Polymorphic attacks are among the latest techniques. “These are attacks that change shape. A perfectly normal, harmless email, for instance, keeps quiet for a while first, then combines with another element and launches an attack, just like that.”
Cybercrime is a business model
“The most striking thing about cybercrime, is that it has now become highly professionalized.” Hackers are no longer mischievous teenagers or activists. Cybercrime, these days, is a business model. “It’s all about money,” says Christophe, “so no one is safe. What’s more, precisely as a result of digitalization, companies are more dependent than ever on digital technology. When something goes wrong with it, it often has far-reaching consequences.”
With initiatives like GDPR and NIS, the law aims to prevent that. “Even if you yourself have no affinity with IT, you still have to deal with security. Companies need to realize that. If their IT security is not in order, soon no one will want to do business with them any longer.”
Cybersecurity is the number 1 priority for hospitals. Read how they opt for security.
Christophe Crous is an industrial engineer specialized in electronics. He began his career at Telindus, as it was then. For the past few years he has been Head of Security & Service Intelligence at Proximus.