I will speak about Estonia rather my home country because I'm not sure of the scent there. Estonia is famous for having a healthy cyber-security community and we will check whether the formula is applied or not and to what extent it's applied.
The Hacker and security consultant Kevin Mitnick has put a very simple formula to enhance security in an organization:
· Technology: networks, firewalls, antiviruses...
· Training: awareness of different attacks
· Policy: set procedures and requirements
I think Estonian companies and governments taking good care of the first one with using security tools and technologies to ensure the security of their companies and hiring security specialists as well to implement these tools.
But the main problem are probably with the last two and their impact on the security of the organization. Teaching people and raising security awareness for them is rather boring and sometimes becomes repetitive but assuring that the people are ready and keeping the security measures in their mind is important because the breaches from people's side are very dangerous and their impact are huge. Now in Estonia I notice that even in IT companies security awareness isn't at the level that it should have because every level of the company has it's own awareness the developer isn't like the office boy isn't like the CTO but we rather find training for all of these people at the same level and with boring materials. For the 3rd point and it's the most boring I think the security for the buildings are ok but for the ways of working and managing the code bases and ensuring their security needs more working and alignments with developers and the main problem is to find a good specialist who have policies with technical knowledge at the same time.
Comments