MONEY Magazine | Tribute to Cyber Security | “Greek businesses do not get into the essence of cybersecurity”

“Greek businesses do not get into the essence of cybersecurity”

The digital transformation of businesses, the migration of applications to the cloud, and the increase in remote work have led to a rise in cybersecurity threats. New threats appear constantly, making it difficult to protect corporate data and leaving professionals in every industry uncertain about their security posture.

The main digital risks faced by businesses today fall into two pillars:

  1. Availability & Business Continuity Threats, with ISO 22301 as the framework and guide; the standard develops the business continuity process in great depth, aiming to keep the business running through threats or disasters.
  2. The consequences of leaking corporate and personal data (Confidentiality Risks, GDPR), based on the fines imposed by the GDPR regulation, especially on services of special interest and bodies in the public or private sector (hospitals, schools, NGOs, shipping companies, etc.). Threats should not be limited to the legal dimension only; they should also include Infrastructure Security and Privacy Risk studies, with a cybersecurity consultant participating in the DPO team. DPIAs (data protection impact assessments) need to become more widespread, especially in distance learning, teleworking and medical applications.

The digital security of Greek businesses is largely limited to the well-known, classic Penetration Test and SOC tools, without getting into the essence of cybersecurity: lack of training, lack of internal procedures and controls, no monitoring of measurements, and so on.

Usually the user does not know how to recognise malware in phishing campaigns. The database backup has never been tested to see whether it works. The free encryption built into Windows 10 for laptops and drives is not used as much as it should be. Half of corporate data is freely transferred to users’ personal Gmail and Dropbox accounts, and developers keep copies of databases outside the company.

The best practice for overall monitoring of the degree of corporate protection is the use of metrics: Key Performance Indicators and Key Risk Indicators. These metrics support every step of the Plan-Do-Check-Act cycle as a self-improvement guide.

Thus, statements of complacency such as “we are fine at security”, “I have antivirus and a firewall, I don’t need anything else” or “I’m in the cloud, so I’m safe” obviously do not hold by definition; to the extent that they are true, they should be backed by appropriate measurements. These measurements should show a clear positive trend over the course of 12 months as evidence for the next steps.

Another important practice would be Risk-Based Security Assessment. How do I avoid mass infection of files on the file server? How do I avoid leaking personal data if the accounting laptop is stolen? How do I keep operating if the rack in the computer room stops working because of a small water leak from the roof or a small local fire? Every risk requires a combination of actions, products and processes, and none is addressed by a single measure.
