Cybersecurity’s complexity can leave many companies scratching their heads as to the best approaches to take on the matter. This is why Holland FinTech, in cooperation with Innopay, is organising an event on cybersecurity fundamentals on June 13th in Amsterdam. In preparation for this session, Holland FinTech sat down with Jelger Groenland, Innopay’s cybersecurity lead, to talk a bit about what cybersecurity is all about and why it is important.
It’s all about the CIA—confidentiality, integrity, and availability
In today’s digital world, cybersecurity is important because it stands at the core of business. “Trust is a fundamental part of doing business, and cybersecurity is an indispensable part of building this trust, whether it’s with customers or business partners,” Groenland says.
In cybersecurity, trust is built by providing services and structures that bolster confidentiality, integrity, and availability. Without trust, it is difficult to retain customers and foster fruitful business relationships, which in turn can affect bottom lines and undermine customer bases. “Just look at the recent Facebook-Cambridge Analytica scandal,” Groenland notes, “ their users could very well say they don’t trust Facebook with their data and take themselves to another platform.”
But building trust is easier said than done due to the complexity of both threats and the solutions available to respond to them.
Start with business needs, not tech
Solving the cybersecurity equation for most companies will involve implementing some type of technology, such as an identity and access management system or endpoint protection solution. And it’s easy to get caught-up in all the tech solutions that are available and providers out there trying to sell these products.
“But companies shouldn’t start with tech: they should start by understanding their business needs,” advises Groenland. This breaks down into understanding the risk profile and evaluating the maturity of an organisation in different cybersecurity areas. In terms of the latter point, for example, employees may not password protect their computers, or they may leave sensitive documents laying on their desks, meaning they are not completely aware of how these can be entry points for breaches.
In order for companies to understand their key threats, needs, and areas for improvement, they can apply security standards such as the ISO 2700 series and NITS 800-53. These standards cover the gamut of security needs, such as access control, data security, incident response, and cloud security. The standards are also accessible to, and used by, smaller organisations as well as large financial institutions and can be used to direct companies’ cybersecurity efforts.
The road ahead—the perfect storm for cybersecurity
“We are currently in the perfect storm for cybersecurity,” says Groenland, speaking about how regulations, such as PSD2 and GDPR, reinforce and drive the need to have functioning cybersecurity measures in place for organisations. These regulations are driving requirements for robust cybersecurity, ultimately to foster trust in businesses and their digital organisation and processes.
Hear more about cybersecurity’s ins-and-outs on June 13that our Knowledge Bites event titled “Everything you always wanted to know about cybersecurity but never dared to ask.” You can find more information about the event and sign up here.
By Elliot Lyons, Research Analyst