Technological cybersecurity solutions address only half the threats

Technology firms make up the vast majority of entrants in Cybersecurity Ventures’ Cybersecurity 500 list of the “hottest and most innovative cybersecurity companies to watch in 2015”. The top five players are advanced threat protection company FireEye, data security company Moka5, threat detection and response company AlienVault, live attack intelligence company Norse, and electronic fraud protection company Easy Solutions – all of them tech firms.

While technology is of course an essential component of any cybersecurity posture, it should be remembered that effective cybersecurity cannot be achieved through technology alone. Without proper staff training to ensure that technological solutions are deployed effectively, or processes to establish effective patch management, timely updates and regular network testing and evaluation, technology simply doesn’t do the job. Look at 2014’s slew of data breaches as an example.

High-profile examples like Sony and Staples – where massive data breaches occurred because of third-party security failings and inadequate access controls – are only the tip of the iceberg.

Privacy Rights Clearinghouse collates publicly available information about data breaches. While hacking or malware accounted for nearly half of 2014’s publicly recorded data breaches, nearly 10% of the year’s data losses were the result of malicious insiders according to its figures, and nearly 17% were down to unintended disclosure. The loss of devices and non-electronic records accounted for nearly 22% of 2014’s recorded data breaches. None of these issues would or could have been addressed with technology alone.

Effective cybersecurity encompasses people, processes, and technology. Too many companies believe themselves secure against cyber threats because they have the latest and most expensive software, but in reality cybersecurity is a matter of striking a balance between your staff, the policies and processes you have in place, and the technological solutions you deploy to suit your business model and organizational goals.

ISO 27001

The international standard ISO 27001 specifies the best-practice requirements of an information security management system (ISMS), an enterprise-wide approach to cybersecurity that covers people, processes, and technology. More and more organizations worldwide are implementing the Standard to establish a solid cybersecurity regime and to prove their commitment to it. In fact, annual registrations to the Standard have increased 36% in the US alone according to the latest ISO figures.

Thanks to IT Governance’s fixed-price ISO 27001 Packaged Solutions, US organizations can take advantage of expert ISO 27001 consultancy to implement an ISMS for as little as $14,995, and organizations with fewer than 20 members of staff can achieve ISO 27001 registration for as little as $7,650.

With its unique combination of standards, books, toolkits, software, training, and online consultancy, IT Governance’s Get A Lot Of Help package provides US organizations with all they need to implement the Standard and ensure their cybersecurity.
