Network security, the responsibility of the senior managers

Network security has not really get strict definition, but, in practice, it is a new type of security-related challenges, as the digital transformation, as well as our reliance on interrelated number system and service development, affect the safety of organization and the society as a whole, "Finland, director of the center for transportation and defense communication agency national network securityArttu LehmuskallioSaid.

Also refers to the network security, an organization can be used to protect critical business systems, software, equipment and measures of data communication network from any network threat.Cyber threats, in turn, is harmful event or process, may affect the organization's operations, finance, data, reputation, even in the worst case, can also affect the continuity of the business.

Through his work, Lehmuskallio has rich experience in network events, and are used to look at problems from the perspective of risk."Sometimes I expect them to know, do we really know the direction of the digital transformation.Do we really know about it all the risk
And the consequences?"

Open communication will benefit all people

Denial of service attack, extortion, C E O fraud, software, data, leak social engineering...Number of criminals operating environment for IT and OT environment offers a variety of opportunities, any enterprise rely on technology, big and small, have become the risk of network crime target.

Is not necessarily your own organization under direct attack.

"To make things more complicated, is not necessarily a direct attacks on your organization, it could be one of your business network group
Weave, the question is will have a significant impact on your business."Lehmuskallio explains.

Understand such digital interconnection between organization is a key part of the prevention network threats.Ensure that all parties abide by the network safety standards, openly share information about threats is very important.

"In general, all organizations within a department or cluster will benefit from the sharing best practices, can from their experience of network attack benefit of public communication and dialogue."

Network security is the responsibility of top management

Previously, the network security is only part of the IT security professionals focus on the problem.But, this kind of situation is changing, because senior management personnel and others more and more aware of threats and the potentially damaging to the enterprise network.Network security is increasingly becoming senior management and board concerns, and supposed to be.

"According to the Finnish company in a recent study, senior management personnel to participate in and give priority to the organization of network security, better able to respond to cyber attacks, and can quickly recover from cyber attacks well prepared.These organizations have accepted this fact that the defense against cyber threats requires constant analysis and investment."Lehmuskallio said.

As a result of huge potential, network security shall be an integral part of the company's risk management, and comprehensive business continuity plan needs to include network attack recovery plan.Remember this is especially important, compared with many other risks, need more frequently related to network security risk assessment, it is best to real-time assessment.All of these make network security strategy.

"For example, when new leaks from the service, it will not only immediately before the security services is considered to be unsafe, but also actively to carry on the back.Discussed this means that the system may be in the entire life cycle is not safe.There is no guarantee that the vulnerability was used as early as a few years ago and did not find."

The correct policy support network security decision

Crafted network security strategy is a good tool to guide the organization's development towards a more secure IT and the OT system development, and enhance safety procedures in the daily operation.Network security strategy program may include, for example, to identify and assess potential risks, the organization, including its business network) assessment of network security status in reality, as well as related development and resource allocation decisions.

About 90% of large network is completed through the personal attack.

"Strategy should also suggests that the organization is associated with network security goals and objectives, and help to achieve these goals, actions and routine."Lehmuskallio said.

In addition, through communication, training, and crisis, enhance staff awareness of cyber threats is also very important.
About 90% of the network attack was conducted by individuals, personnel is often thought to be the weakest link.This is understandable, because we human beings easily become the target of attack, we are strong, we want to please, we don't want to be humiliated, and so on.

"But, in my opinion, to create a network security environment and culture, help individuals insist on safe practices, make the right decisions, and limit the individual employee may damage, it is the responsibility of the organization and its top management."

Practice makes perfect - not to be missed opportunity

Network security drill is testing organization rule of crisis management, the role of processes and practices, as well as improve the crisis to bear ability and acceleration is an excellent method to recover from network security events.

"Company exercises should be regarded as a kind of crisis, can choose the timing of the crisis and influence, is arguably a 'free' crisis."Lehmuskallio said.The benefits of exercise and, in the event of a serious security incidents, improve staff and policymakers, response and recovery skills of observation, and can more quickly to the allocation of resources to determine the vulnerable areas."

Extremely important harvest is the supplier dependent further understanding, and enhance the identification and management of personal threats in network environment."Lehmuskallio concluded.

Wen: Sanna Haanpaa - Liukko