You can't protect what you don't know

You can't protect what you don't know: this old(ish) cyber security maxim profoundly illustrates one of the biggest problems facing cyber security professionals today

You can't protect what you don't know: this old(ish) cyber security maxim profoundly illustrates one of the biggest problems facing cyber security professionals today – how can I defend my organisation from attackers when I don’t even know what my cyber estate looks like? The traditional cyber perimeter is evolving so fast that most organisations struggle to determine where exactly their critical information assets reside; let alone put in place effective controls to ensure that business critical information and systems are secure. For the purposes of this article, I am going to focus on an area that most IT managers and Information Security professionals struggle with, namely, continuous visibility of cyber assets and the management of vulnerabilities thereon. 

 Using your physical offices as an analogy, do you have a programme or service in place to ensure that all your physical security measures are “on” and working optimally? Do you regularly test your alarm system and electric fence, do you have 24/7 security patrolling your perimeter to ensure that no intruders have breached your security and do you have access control to ensure only “known” entities are allowed to enter your premises? Do you routinely check that a hole has not been cut in your border fence and once aware of this vulnerability, do you not tend to it immediately? South Africans are acutely aware of the need for proper physical security, but why do we not treat our cyber security with the same degree of gravitas? Regardless of what business we are in, the vast majority of our IP and other critical business information resides on IT infrastructure or is contained within applications. So surely the threat posed by cyber criminals is now greater (and potentially more costly) than then that posed by physical criminals? There are also now multiple examples of the damage a single cyber breach can do to a company, and Equifax is a good example of how a 120 year old organisation may potentially shut its doors after a single breach. 

So what practical measures can we put in place to ensure that we at least have visibility of our cyber estate, as well as whether there are any critical vulnerabilities that need to be addressed? 

Camargue Underwriting Managers has partnered with Magix to offer vulnerability and web applications assessments, when a new cyber liability policy placed. This means that within a couple of hours, we are able to provide a report that shows what assets are “live” and connected to the internet, how vulnerable those systems are to attack (graded in terms of severity), and most importantly, how to remediate those vulnerabilities in the most effective manner. And with 75% of hacks happening at the application layer, we are also able to provide the exact same assessment on business critical web applications like websites, client portals or e-commerce sites. And whilst this is by no means the be all and end all of your cyber security practice, it does go a long way to providing the visibility required to better protect your cyber estate.

More News Stories

October 12, 2021
Camargue | Brit Announcement

Camargue Underwriting Managers (“Camargue”) announced that Brit Insurance Holdings Limited (“Brit”), the global specialty insurer and reinsurer, has acquired a further interest in Camargue, taking its ownership to 100% of the business.

Read story
October 8, 2021
Can Covid 19 be used as a supervening impossibility defence?

Covid 19 has been in the spotlight for an extended period and will probably continue to be a lively topic of discussion for the foreseeable future. The Covid pandemic has undoubtedly had a negative impact on businesses resulting in the failure to perform contractually.

Read story
May 20, 2021
The COVID-19 Pandemic: A Black Swan event & Claim trends

The revolutionary idea that defines the boundary between modern times and the past is our ability to understand and manage risk - it converted the unknown future from an enemy into an opportunity (Bernstein Against the Gods – The Remarkable Story of Risk).

Read story