Category: IT – Blog

IT related Blog posts

Cybersecurity discussions annoy every admin! – and how to put an end to it!

What’s with all the discussions about the need for a cybersecurity strategy and corresponding solutions?

I am at the IT Security Strategy Days at Schloss Bensberg (https://www.businessfactors.de/de/conferences/it-security/) and there is a lot of talk about this topic.

Of course, I hear from CEOs, CIOs and all the other C…’s again: “The legislator has to pass a law that makes it mandatory so that I can introduce or enforce it in our company or provide the money!”

Quite frankly: “Are you crazy? Another law that will take forever and, above all, who will monitor it? Quite apart from the fact that the awareness should already be there today after all the known incidents. Otherwise you’re really in the wrong place!”

I have my own approach/thoughts:
In my opinion, cybersecurity insurers should categorize each company into price segments according to ethical hacking scores. Just like the TÜV, have the companies undergo a penetration test by the insurance company’s own hackers before signing a contract and then assign scores. It is also clear that there is no such thing as a truly secure company. The advantage of this is that insurance companies can introduce such a test without the legislator and if the insurance policy is then only available at a very high price or not at all – because the insurance companies aren’t stupid either! – the upper echelons will also realize that there is a need for action.

Another approach would be to create an ethical hacking report during certification – i.e. before certification and also during audits. I don’t know whether this has to be demanded by the legislator or can be introduced independently by the certification authorities.

The reports and scores – of course, they also have to be defined somehow. Who does this, how and which scores on what basis, blah blah blah. But if recognized specialists get together here – technicians and not theoreticians – a workable way will soon be found. I am convinced of that.

Yes, appropriate solutions and know-how cost money. I am aware of that too. But ask yourself what it costs when company data is encrypted? What does the loss of reputation cost? What does a data leak cost if customer data is stolen? What does it cost if production comes to a standstill? What is the cost if policyholders cannot access their data or receive necessary payments?
Delete the last point with the insurance companies 🙂 DORA (Digital Operational Resilience Act) is finally becoming mandatory there.

And now, after my opinion above, here is my recommendation:
Use solutions from a few hands. In other words, solutions from one or two manufacturers that complement each other seamlessly. Use these solutions 100%!
In my daily work as a senior software consultant, I see many companies that use lots of isolated solutions. Often even larger solutions, but only in small areas. The solutions often overlap in terms of functions. So my recommendation: consolidation and training.
Logically, I also have a recommendation for a manufacturer that can not only cover all aspects of security, but also provide support with consolidation and evaluation. ManageEngine is my recommendation.

I personally fully support ManageEngine because they convince me as a technician every day. They are a one-stop vendor, and I also have partners worldwide in my own language as contacts, consultants and supporters.

Take a look at the portfolio, talk to the partners in your countries or to ManageEngine directly. I am convinced that it will lead to positive results: in terms of security, financially and in human terms.

I will also be happy to help you with the right contacts.

DORA – Digital Operational Resilience Act

https://de.wikipedia.org/wiki/Verordnung_(EU)_2022/2554_(DORA)

With Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience in the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011, the European Union obliges financial institutions to strengthen their digital operational resilience. The English term “Digital Operational Resilience Act” and its abbreviation DORA have also become established in German-speaking countries.

Objective:
The legislation aims to improve the digital operational resilience of EU financial institutions and their third-party ICT service providers and to create a uniform supervisory framework across the EU. The aim is to reduce vulnerability to cyber threats and ICT disruptions across the entire value chain of the financial sector. In addition, DORA intends to harmonize national regulations for the security of IT systems in the financial sector. This will strengthen the European financial market as a whole against cyber risks and information and communication technology incidents[1].

Are you ready for it?
Do you need help in finding out the right solutions?

In this thread I would like to discuss DORA and the tools and support I recommend.

Copyright © 2024 Jürgen Rinelli