Today, optimal protection against organised digital break-in attempts or cyber crime syndicates is a need and necessity. Yet, many companies and government organisations do not have proper protection. More and more organisations are falling victim to 'casual cybercrime': casual hackers that jimmy the locks on digital doors until they find someone somewhere who missed the latest security update, didn’t install the newest patch, or left an idle portal open.
“The crown jewels of organisations are successfully attacked without using advanced methods,” said the Ministry of Justice and Security last year in the Cyber Security Assessment Netherlands (CSAN). The National Coordinator for Security and Counterterrorism stated that even ‘state actors’ are surprisingly often successful at very simple attack techniques.
The vulnerability in a striking number of organisations is much higher than necessary, because of available measures simply not being implemented. The WannaCry and BadRabbit ransomware attacks, for example, took advantage of vulnerabilities for which security updates had been available for months. The victims just had not installed them yet. In other cases, the victims did not (yet) know about the vulnerabilities, but “basic measures would have formed a barrier or lessened the consequences.”
An important cause of this vulnerability lies in the growing complexity of the IT landscape and a rapidly increasing lack of properly schooled cyber security staff. According to the CSAN, this can be seen from the many incidents resulting from configuration errors, but also, for instance from the fact that many cyber attacks go unnoticed for months at a time. Companies’ own IT departments simply do not have enough time or knowledge to maintain basic hygiene of the constantly expanding IT infrastructure.
Security by design
Solvinity says: security starts with the infrastructure that forms the foundation of the entire IT environment. That means “Security by Design”: that all processes, applications and systems are monitored continuously for possible weaknesses – hardening – starting right from the design phase. At Solvinity, we constantly check to make sure all hardware and software in the organisation is properly and safely configured - not once, but for every single change that is implemented. After all, a small change to one system can have major consequences for the other side of the organisation.
Solvinity boasts many years of experience in cyber security in critical environments. Our infrastructure has been carefully segmented to keep risks manageable. We have bundled the knowledge gained through this experience into a blueprint, enabling us to rapidly migrate customers to a secure model in which cyber security is combined with optimal flexibility and availability. Specialists continuously test our infrastructure and optimise the model based on new insights and developments in information technology. We automate and standardise labour-intensive security processes. Close collaboration with customers ensures maximum acceptance of our security measures and smooth integration of existing IT environments.
This foundation is the standard
Security by design is the standard. In order to guarantee the high security level of our total infrastructure, no concessions are made and the prescribed standard approach is the basis for each new environment. Even if a company or organisation would settle for less. The goal is to bring each IT environment to a higher security level - and to keep it there, even if the organisation continues to change strongly due to innovation and transformation. When doing so, we always consider organisations’ demands concerning speed and flexibility: wherever necessary, together with the customer, we investigate if extra measures are needed in the infrastructure, so that the security limits the availability and capacity as little as possible, even under extreme circumstances.
As this foundation and the protection it offers is so important, we invest a lot of time in customer relationships. We like short lines of communication and a personal approach with a fixed point of contact. We realise that IT teams that have built up their own environment over the years have to be convinced of the necessity of changing the infrastructure they have carefully built based on our insights. By transparently accounting for our choices, we ensure that the innovation, improvement and security of the infrastructure becomes a joint effort with broad support.
No organisation is ever completely invulnerable. But being unnecessarily vulnerable because of negligence and carelessness should not have to be the case for any organisation.
This article was published in the AG Connect magazine of May 2019. More info: www.agconnect.nl.