Are your systems really well protected?

Author: Paperjam

24/10/2022

Cybersecurity

To face the threat, IT security professionals tend to multiply technological solutions, sometimes getting caught in an endless race and occasionally losing sight of what really matters.

Digital technology has infiltrated every corner of our daily lives. “Everything, in one way or another, relies on digital technology today,” comments Yvon Boutry, Security Team Leader at Proximus NXT. “This has made us highly dependent on technology. For those responsible for ensuring system availability and data security, this awareness brings heavy responsibilities and an increasing workload, ranging from risk analysis to threat detection and patching components due to newly identified vulnerabilities.”

Security management has become increasingly complex due to the opening of systems to the outside, the widening of the protection perimeter, the transition to hybrid or public cloud, and the growing interdependence of solutions. “The multiplication of deployed technologies makes it extremely difficult to track everything,” the expert continues. “Increasingly, organizations turn to external providers, like us, to keep systems up to date and ensure security patching of components,” he explains.

A technological runaway

While the heightened awareness of risks is positive, are the responses to prevent and manage them truly appropriate? “Faced with threats, security teams tend to focus on technology, multiplying security projects and deploying new solutions,” explains Yvon Boutry. “It’s a never-ending process, akin to technological runaway.”

If you ask security professionals whether they consider their environment well protected, many will say yes. However, the same professionals also acknowledge that the solutions in place are not necessarily “sufficient” to guarantee optimal and sustainable protection, despite the investments made.

Taking a step back is necessary

Furthermore, this accumulation of technologies becomes increasingly difficult to manage. “More and more security professionals are absorbed by managing this complex environment and no longer have a comprehensive overview,” laments Yvon Boutry. “They simply don’t have the time to step back and critically challenge their overall security approach.”

While the multiplication of technical solutions is inevitable, the fundamentals should not be forgotten. “A robust security approach means returning to common sense and being able to critically evaluate the overall security strategy,” comments Yvon Boutry. What’s the point of heavily investing in complex solutions if basic principles are neglected and these solutions are poorly configured? “The accumulation of tasks for security teams, due to the increasing complexity of the profession and the proliferation of solutions, tends to raise the likelihood of such errors.”

Therefore, regularly checking various devices and their interactions within your IT infrastructure and with your partners is essential to reasonably ensure your security level.

No single practice can guarantee complete control over risks and security. Patching is important but cannot be done in isolation; it must be accompanied by regular configuration reviews.