There is a usual comforting assumption that the mere application of a single measure can imply security, just like how armed forces’ presence around an area that has been hit by a terrorist attack can make people feel more secure. But when you need protection from hostile forces, is a single measure enough to enforce security? Security is not one-dimensional, in contrast, it is a multifactorial system that requires more than a single measure to be assessed and more than a single approach to be addressed.
Similarly, you would think that installing an antivirus software on a computer would protect the user from possible attacks, something that is true, but only partially. What if the user’s password choices were so weak that would easily allow a hacker to intrude into vital accounts? An antivirus software will indeed protect from a malware attack, but software technology is not the only parameter that defines security. When it comes to passwords for example, users’ judgement and thinking are vital aspects of the protection as well.
Properly assessing what needs to be protected, whether it is a single user or a complex organization, takes a lot of tailoring. Every case is different with unique factors and different requirements, but what all cases share as common ground, is that their protection breaks down into three different parameters, people, processes and technology. Therefore, security is a three-dimensional system.
Strength is, undeniably a key factor in pursuing security. Organizations add many layers of protective technology (such as Firewalls, IDS, WAF etc.) trying to reduce their exposure to harmful behaviour and fortify themselves against known and unknown threats, just like we used to build walls around cities or we choose safety doors for our houses. Managing an organizations’ exposure requires vulnerability assessments and penetration tests to assess existing technology, suggest new additions and identify potential backdoors.
Discipline is also a key factor, as homogenized governance is able to minimise risk, allowing an organization to protect itself against potential systemic flaws hidden in various disparate internal processes. A very important part of risk management is compliance, as processes not only might have to be rethought over but also enforced within an organization. The fact that we need to set up strong passwords for example, might seem obvious, but even this simple rule needs to be part of a wider set of obligations described in internal processes.
Lastly, this three-pillar concept wouldn’t be possible to sustain itself without the contribution of intelligence meant to identify, analyze, predict even prevent possible threats, taking advantage of the vital information the two other systemic pillars can provide. Besides, intelligence is not only useful when setting up precautionary measures, but also vital in threat containment, as people prove to be indispensable for evaluating an incident and deciding the response strategy during a crisis.
Just like any other type of risk, in order to manage cyber risk effectively, strength, discipline and intelligence should be combined into a protection system that will determine the appropriate blending of measures needed to ensure security depending on each case. Just like the ERP systems evolved to address the need for centralization and consolidation, allowing decision-makers to reflect upon key performance indicators and make insightful decisions, information security shall be addressed through a singular yet agile system, functioning as a centralised operational cockpit.
We, at OBRELA, have envisioned, designed and engineered an integrated cyber risk management platform that orchestrates controls in the diverse facets of cybersecurity operations and consolidates security related data under a single data lake enabling real time analytics and supporting informed decisions based on clear-cut risk assessment. Our solution puts an end to the complexity of the multi-split security sprawl that enterprises across the world have to deal with on a daily basis, while ensures the ability to adapt to a rapidly changing, turbulent environment, effectively attuning cyber protection to emerging new threats.
OBRELA’s Integrated Cyber Risk Management solution offers an “Umbrella” or cybersecurity services and creates a robust system of protection exploiting the benefits of people, process and technology integration, providing our clients, accordingly, with Threat, Risk and Exposure management services that not only complement each other but also can be adjusted to an organisation’s needs providing accurate, tailor-made protection addressing the information security objective comprehensively.