Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | Pardot Privacy Policy | Oktopost Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

Detection is not enough for today’s complex cyber threats


Posted on: June 2, 2015 by Graham Francis

When some 500 years ago, Leonardo Da Vinci wrote –‘realize that everything connects to everything else’, he was probably making some sort of metaphysical point; but increasingly today, in the digital world it is almost becoming a statement of fact.

A connected world challenges security

As we strive for greater efficiencies and to exploit advances in technology, often this involves expanding the range of our ‘connectivity’ – adding new customers, new suppliers, data feeds for Big Data Analytics, using social media; changing the way we obtain IT capability, with commodity pricing, cloud services and striving for ‘digital transformation’. We want mobility in our working lives and we want to bring our own devices to work. What is all that doing to the inherent security of the information systems we already had?

There is a need for a holistic approach to cyber security, and an understanding that almost any change requires us to think about what collateral implications that might have for the entire infrastructure. We need to plan, monitor, respond and recover from whatever the connected world throws at us - protecting not just the information systems, but the business processes it underpins.

But we have been there before – in the 1970s and 80s when architects were designing buildings, housing estates and whole communities that were beautiful to look at but inherently flawed as a secure environment to live or to work in – leading to the development of the concepts of ‘Secure by Design’ and the crucial role people must play in making security effective, which now determine the balance between aesthetics and security. We should consider what lessons can be learned from that process.

Information Security is a critical business enabler

Information Security should be viewed as a critical business enabler, bringing clear value and benefits, rather than an overhead to be tolerated. It must be appropriately targeted to manage risk effectively, allowing you to understand and manage the residual risks. It is not how much you invest but how well you invest it.

Of course, there will always be a very small percentage of threats that organisations are not able to protect their businesses against, as the cost to do so would be extraordinarily high. Therefore, they must strike a balance to ensure they’re making investment in the right areas of security to remain in control of the business without breaking the bank.

New market opportunities, new ways of working and new risks

The digital era is something of a double-edged sword: there is a constant dynamic between new market opportunities, new ways of working and new risks that emerge as a consequence. Together, those opportunities and the evolving risk landscape need to be managed to give a complete overview of the business operations. If we introduce new ways of working then we also need to have a good understanding of the potential new risks we are opening ourselves up to. By doing this, we can take steps to mitigate against it.

Security policies aligned to new situations

So organisations are required to constantly adapt to these new situations – to maintain a competitive advantage but also, to answer to the regulators. Understanding what the regulatory landscape means from a security perspective enables enterprises to prove that their businesses are taking the correct measures, building trust with their customers in return. Ensuring their Information Security policies always stay aligned with the new situations will enable them to harvest all the benefits of the digital era and run their businesses much more effectively.

 

Share this blog article


About Graham Francis
Head of Digital Security, BDS Northern Europe
Graham leads the team responsible for the design, build and running of Atos’ digital security portfolio in Northern Europe. Graham is an accomplished cyber security executive, having held a number of leadership positions over the course of a 20-year-long career. He has vast experience helping clients improve their security, risk and compliance posture in an ever-evolving threat landscape.

Follow or contact Graham