During this extended period of lock-down and social distancing I like many of my family, friends and colleagues have had time to reflect and look back and realise just how quickly time flies when we are all busy earning a living and maintaining our busy lifestyles.
Personally I've been reflecting on the advice, guidance and knowledge I've been sharing with my clients as an information security professional over the last few years and I came across a presentation that I delivered at Pay-Sec Payment Security Summit in April 2015.
I was struck by the fact that key challenges five years ago are still very much the same today, and even more pertinent in some respects as many of us and our workforces find ourselves working remotely in isolation.
I've attached my original presentation slides in full here, with most of the messages as important today as they were in April 2015.
I've highlighted here some of the main points I made back in 2015 which still resonate loudly today:
Far too many attacks are successful because organisations have failed to patch known vulnerabilities
While attacks are growing in sophistication, many intrusions still rely on tried and tested techniques
It’s about taking security seriously
Too few firms have adequate defences in place…, it's about reacting fast, being forensically ready, know where your critical data is, and knowing if it's compromised
Many businesses would likely reap the rewards of a solid and easy-to-understand security basics training course
Most of the attacks seen on a day to day basis are not hugely different to what's gone before -the primary areas of sophistication tend to be the ways in which attackers convince people to double click on an executable file
While a lot of attacks may seem ‘old hat’ far too many businesses continue to keep falling for them
Most organisations largely face attackers casting a wide net looking for low-hanging fruit
Know about your assets -where are your crown jewels, who manages them
There's never been a better time to invest in a layered approach to security
Enjoy the trip down memory lane and take a look at the original slides above; it may not be as enthralling as FA Cup re-runs (I do not apologise for being an Ipswich Town supporter and the inclusion of their glorious FA Cup winning team of 1978 in the presentation!) but it will provide you with greater insight into information security strategy and governance!
UKDataSecure can assist you with managing, demystifying and simplifying all of the above challenges which are fundamentally the same now as they were over five years ago.
Please book a short call with us as soon as you can using this link https://bit.ly/ukdsbookacall to talk to us about how we can help you as you continue to plan your post COVID-19 lockdown information security and data privacy strategy.
This short guide may also be of interest to you as it explains a little more about what we do and how organisations similar to yours have benefitted from working with us https://bit.ly/ukdstestimonials
Note: I am no longer Chairperson of the UK Merchants PCI Working Group as I was in April 2015; the Group is still very much active (subject to COVID-19 current restrictions) and I am still a very active member of the Group on behalf of my clients. If this highly respected Group is of interest to you please let me know and I can have an invitation to join extended to you.
Comments