I was intrigued to read a recent opinion in the FT from a hacker and head of IBM X-Force. He made the point that for hackers ‘there is always a way in’, and that what companies need to trouble themselves with is not trying to keep attackers out, but what can be done to stop them grabbing data once they are in.
As the working world shifts once again, more and more companies are finding that it makes economic sense to encourage employees to use their own devices by adopting BYoD and BYoPC policies. This is undoubtedly true, but it also opens them up to risk. Every unmanaged laptop, tablet, home PC or smartphone that connects to the corporate network has the potential to open the gate to a hacker.
The real difficulty is in not knowing the status of that device. It may be protected by anti-virus software, but will this be a deterrent to a screen scraping or key-logging attack? Probably not.
As the IBM X-Force hacker explains: ‘There is a misconceived notion that the security arena is a battlefield. It is not. It is a chess board and requires foresight and calculated pawn placement to protect the king – your data’.
Given the onslaught that we face from sophisticated cybercriminals there is only one approach to take to protect the precious data that our businesses are built on and that is by adopting multiple layers of complementary solutions and services that work in tandem to block threats.
In an article just published in Top Business Tech, I outline the steps that need to be taken, the first and most important of which is to adopt zero-trust. This means that every user and every device is regarded as a threat and must be verified before it can be granted access to the network.
Companies must deploy solutions that can wrap their data and their applications securely. This way, even if a hacker has gained entry and is roaming the network, they can’t reach the sensitive information they are looking for – every attempt will be thwarted.
Of course organisations want to lower costs and keep employees productive, and BYoD helps in this aim, but to make it work, a zero trust policy backed up with dedicated endpoint protection is essential. The game is not about brute force, but making the right strategic move to protect data, at all costs.
Subscribe to our newsletter
For the latest insights into the quickly evolving cybersecurity landscape, please complete the form below and we will share our newsletter, SentryPost.
For a demo of our solutions and the opportunity to chat to our expert team, please complete the form below.