The days are gone – if indeed they ever really existed – when organisations of any kind could achieve acceptable, let alone strong, levels of cyber security by deploying a specific product or set of products.
Throughout the pandemic, cyber criminals have shown themselves to be as sophisticated and vigilant as ever in exploiting any and every vulnerability, as evidenced by the sharp rise in both the number and the variety of attacks reported across the world.
As the world adjusts to remote working as a lasting reality, organisations need to trust that the communications and technology suppliers they partner with have up-to-date, robust security practices in place, supporting their core digital systems and business operations.
So, what does that mean today?
The security landscape has become so vast and complex over the past decade or so that internationally recognised cyber security certifications have become the most widely used indicator of an organisation's preparedness to preempt and withstand today's barrage of cyber intrusions.
But while this is certainly the case, awareness of the need for a more holistic approach to cyber security isn't necessarily translating into actual best practice: some organisations simply tick the boxes when it comes to certification, while others genuinely weave the standards into their digital DNA.
The most widely recognised, and most current, of these standards is ISO/IEC 27001, against which an organisation's security management can be independently certified.
Published jointly by ISO and the International Electrotechnical Commission (IEC), it belongs to the ISO/IEC 27000 family of information security standards, developed to help organisations adapt to a landscape defined by larger numbers of remote workers, general mobility, cloud computing, IoT and the move to the edge.
These standards describe the criteria that businesses of all types should adhere to in order to protect the security and integrity of their critical data. The aim is not only to keep that data from falling into the wrong hands, but also to improve operational efficiency, staff confidence and morale, and community and industry reputation.
ISO/IEC 27001 is ultimately intended to help organisations build and operate an effective ISMS, an information security management system: a systematic approach to managing sensitive company information that takes account of people, processes and IT systems.
Because an ISMS is a way of working rather than a product, achieving its aims requires commitment and ongoing vigilance.
Certification is assessed against three key criteria:
- Systematic examination of the business' information security risks, taking into account possible threats, vulnerabilities and impacts.
- Implementation of a comprehensive suite of information security controls that addresses the risks found to be unacceptable.
- Adoption of an information security management system and supporting processes that keep the business' cyber security effective on an ongoing basis, rather than at a single point in time.
Organisations need to know that the telecommunications and technology partners they have entrusted take data security and integrity as seriously as they do, and hold the necessary, industry-recognised certifications to prove it.
Security standards such as ISO/IEC 27001 underpin genuine cyber security in organisations today. They help not only in finding the right combination of technologies, but also in establishing rigorous, self-auditing processes and controls.
However, achieving their intended aims demands a deep understanding of, and a commitment to, implementing and maintaining these standards over time, not just running through the certification checklist and then walking away.