Christophe Verhaeghe has been managing all IT security projects for EASI since 2009. As Business Unit Manager for Security he takes pleasure in sharing his expertise with SMEs. Here are some questions about his latest whitepaper.
Dit artikel in het Nederlands? Cette article en Français?
What prompted the writing of this whitepaper?
Christophe: "SMEs constitute the vast majority of Belgian companies. They are preoccupied with what they do well (selling their products, development) but not with security. Although the figures keep proving that they are more vulnerable than ever, they do not realize what risks they are taking.”
Do most SMEs have no security?
Christophe: "Let us say that nowadays, SMEs are trying to catch up. They protect themselves, but often not in the right way. Many companies have installed an antivirus on their laptops or have set up a firewall that is running, and that will be well and good. It provides above all, a sort of peace of mind because they have installed “something.” But this type of security is certainly insufficient because modern techniques have become more cunning.”
"In practice, it boils down to the fact that most companies have no access to or ‘visibility’ as to what goes on in their systems and applications that contain data. These days, data is no longer stored in an on premise server cubicle, but dispersed everywhere: on tablets, laptops, smartphones, in one or more clouds, and so on. And how do you want to protect something if you do not know where it is and what falters? Sometimes companies have a test conducted and that is great, but these tests are merely snapshots that say nothing about the future. Furthermore, very often the reports they get from these tests are only just that, and no further action is taken to protect the data.”
"A company that has been hacked in the past, will probably have a back-up policy, but that is often in response to the previous threat it faced. They then think everything is fine now. But we often see new attacks are different and their new protection or back-up policy is not protected for other types of attacks. Generally speaking it often turns out that despite major investment, they are not well protected after all.”
Where does this security deficit come from?
Christophe: "I can easily summarize the reasons for you. They do not have enough means and resources, or they have too little time to pay attention to the matter, or there is too little expertise in-house. And then, there is another category. They think “it will not happen to us.”
"SMEs do their best, but they do not protect themselves well. That is precisely why it is so important to inform them of the current state of affairs and the possible solutions.”
What can people learn from this whitepaper?
Christophe: "It has become a very clear document. Vulnerability Scanning is not well known to everyone yet and I would like to inform SME's about the possibilities they have to be well protected AT ALL TIMES; how they can know what is going on in their network or on their devices; how they can save money; what they should do themselves, and perhaps what can be outsourced. Even the search for a tool takes a lot of energy if you lack specific knowledge, and that is why this document is very low-threshold and clearly structured with a final checklist as a guide to searching for a tool.”
"Of course, you can do everything yourself. That is why the document is clearly structured. Nevertheless, I am convinced that most SMEs are looking for a solution that rids them of frets and worries, where they do not have to make any extra efforts themselves, one that protects them continuously and for which they do not pay through the nose. I therefore strongly recommend that they read this whitepaper.”
