From theory to practice: planning cyber security efficiently and according to budget

21. October, 2021

In corporate practice, cyber security is not only a question of suitable technology or the current threat situation but primarily a question of resources. The starting point is usually the existing IT (security) budget.

Financial resources earmarked for cybersecurity largely determine how best to balance increasing threat scenarios and limited capacity. At least up to the first incident, the budget is usually quite limited.

Human resources for cybersecurity are limited – planning uncertainty and high personnel costs are the results. Therefore, companies often have to ask themselves which measures they should prioritize, which ones they should supervise in-house, and which ones they want to outsource.

Christian Fritz - Loipersdorf 2021

Operate cyber security in-house or outsource it

“The question of the extent to which security can be outsourced is quickly answered: theoretically, entirely,” says IKARUS COO Christian Fritz, who led a workshop on this topic with 25 IT managers at this year’s LSZ CIO Congress, summarizing the results of the discussion: “The only essential thing is to define the framework conditions precisely in advance. In the event of an incident, speed is of the essence. This means that external managers need some decision-making power if no coordination is possible – because attacks don’t just happen on weekdays from 9 to 5.”

The first step towards an adapted security action plan is to select the topics to be covered with the existing budget. Based on practical experience, it is advisable to choose projects that enable rapid progress and effectively raise the level of security.

“Many companies only come when they already see themselves in the focus of possible attacks – as we have seen with the current ransomware wave”, reports Christian Fritz: “We recommend a focus on measures that can be implemented quickly and bring added value to their awareness. This can be an EDR – Endpoint Detection and Response – solution that also displays alarms from other areas and thus facilitates the response to a wide range of security incidents. Those who work with operational technologies or IoT systems will quickly benefit from passive solutions that create a dynamic asset inventory almost at the push of a button and continuously scan the entire network for vulnerabilities, threats and anomalies.”

Cyber security measures for IT and OT systems

In IT, most threats come from the endpoints – PCs, laptops, or mobile devices used to surf, download and retrieve e-mails. “We users are the classic vulnerability in IT”, says Christian Fritz: “In most cases, a successful attack is preceded by careless user interaction. Repeated awareness training and hints can catch a lot – similar to the current program and system updates in systems technology. But there are attacks that the trained user can detect. No longer visible – the security software has to sound the alarm.”

In OT, instead of users, there are machines with countless protocols and different update or patch statuses. With the digitization of industry, IT meets OT, legacy meets bleeding edge, and unsecured operational technology meets threats from IT.

“To be able to secure your existing assets and systems against attacks from IT, you first need to know what you have,” explains Christian Fritz: “The state of the art is non-intrusive technologies that scan your network passively. The system learns about normal network traffic, and of course, individual variables and thresholds can be defined. And it allows you to secure assets via vulnerability and malware scans without having to access the devices and systems directly.”

Building up know-how for your own company

When selecting a suitable technology and provider, paying attention to available service and support is advisable. “Especially when working with new technologies, building up know-how is extremely important,” says Christian Fritz: “Software should make daily work easier, more secure and efficient, but not tie up additional resources.”

IKARUS Security Software operates both in-house developed security solutions and technologies from selected partner companies in its own Scan Center in Vienna. “All of the solutions we offer have been intensively tested by us and have convinced us in in-house use,” says Christian Fritz: “We pass on our theoretical and practical experience and expertise to our customers – to the exact extent desired.”

Do you have questions about cybersecurity? Are you looking for advice on the efficient implementation of your security measures, or would you like to experience selected solutions live? Contact us at +43 1 58995-500 or sales@ikarus.at!
