As IT has become more and more central to business, and indeed to everyday life, the old methods of dealing with cyberthreats, from anti-virus software to firewalls, are no longer enough.
Explaining this can, at times, be a challenge, however, in light of a decade of hitherto consistent messaging on the topic. Damien Mallon, senior systems engineer at Datapac, which includes security among its service provisions to businesses, has a gambit to get people to think about how things have changed.
“To start conversations off I say this: the corporate network now is the internet; it's not just the stuff sitting in the data centre,” he said.
Central to this is the fact that how we use data has changed as new techniques and technologies have become available, but also in response to how we live and work.
Indeed, a change has been dramatic in the last two years, but while remote working driven by the pandemic has played a major role, it is not the only factor. Wider changes in how businesses and workers operate were already at play.
“The workplace has just been blown apart. Covid has played a role in that but it was already underway,” Mallon said.
Today, whether in the form of branch offices or home-based workers, secure access to data means rethinking how networks operate.
“Many people have growing numbers of branches. If you think of a business with a HQ and 20 branch offices across the country, it might manage via a VPN [virtual private network]. That is a mess: you have traffic being manholed through HQ,” Mallon said.
Put simply, today things are so dispersed that taking security seriously requires a different solution.
“Point products on their own just won't do it, as today they leave you having no visibility and no control,” said Mallon.
A significant part of the solution is to put the reality of today’s cloud-centric IT at the centre of things, using a centralised cloud security system that connects to every system and every device.
“That stops you having to run all your traffic back through the HQ, which is too admin-heavy and has performance problems,” Mallon said.
At the centre there needs to be a policy, from which everything flows, including recovery and meeting industry standards is a great help.
“When you start talking about disaster recovery and back-ups, you really are fitting it into a security policy and an information security policy. We at Datapac got certified ISO 27001 some years ago. It's not a security certification itself but it goes hand in hand with it,” Mallon said.
Given the complexity of the issue, not to mention the fact that businesses, especially small and medium businesses, are already busy, it can be a real challenge to stay on top of all of this. As a result, many resort to a tick-box approach.
This is a problem, Mallon said. However, working with a partner not only deals with it, it brings added benefits by sharing scarce resources.
“In reality security has many moving parts, there’s nothing static about it. We have a 24/7 response centre you’re essentially moving your response out, and this means we can provide something which a small or medium business would not have the budget for, nor could they get the expertise or have access to the tools,” he said.
Having the ability to respond around the clock means damage can be stopped or reduced, Mallon said, as cyber criminals were intentionally targeting businesses at times when they are the most vulnerable.
“Ninety-nine per cent of the time you hear about a ransomware attack, it's the next morning, when someone goes to get a file. The criminals know to attack when people aren’t there,” he said.