Firms are spending millions of pounds on digital systems but are overlooking the need for basic updates and checks to protect their business from cyber attacks, an expert has warned.
Tanium is a US-headquartered cyber security firm with clients across a range of sectors, including the big 10 US banks, PwC, eBay, Amazon, and the US and UK intelligence agencies.
Matt Ellard, vice president of Tanium’s EMEA arm, said large firms spend tens of millions of pounds on end-point solutions but continue to struggle with basic system tasks, such as compliance and updating software to the latest version.
Cyber security has entered the spotlight after major organisations around the world, including most recently in the UK the NHS, collapsed temporarily when their digital systems were infected with a virus.
Mr Ellard, who will be leading Tanium’s expansion into the UK, said firms were not necessarily being neglectful by not investing enough money in their IT systems, but were instead failing to regularly carry out functions to keep those systems secure.
He compared this to having high-tech security systems installed in a house, saying if the doors and windows are left open then it makes that security useless.
“People continue to spend a lot of money on IT infrastructure, so they are investing money in IT but they need to start looking at investing in different ways.
“It’s not about endless investment in the latest shiny IT solution,” he said, adding firms need a broader approach when it comes to the management and “security hygiene” of their IT systems.
Mr Ellard said there is a “visibility gap”, meaning firms do not always know how many computers they have linked to their system, what applications are running on those computers, and what versions of software they have.
He said a digital system that is not fully visible at scale will be vulnerable to attacks, and will not be able to respond quickly when taking corrective action.
“It’s not just about protection it’s about remediation,” he added.
“There is always going to be the latest shiny gadget that you can put on your computer; but you’ve got to go back to the fundamentals and know what computers you have got and whether they are controlled by the policies and protocols.
“Companies need to find their unmanaged systems before cyber criminals do.”
Last month, a report from LexisNexis Risk Solutions said old-style ‘legacy’ technology act as the biggest barrier in the fight against cyber criminals.
The financial professionals who were questioned as part of the survey said legacy technology prevents firms from taking effective action to prevent financial crime.
Mr Ellard agreed with the findings in the report, adding: “New problems are trying to be solved with old security tools and we need to make sure we bridge that gap between the new development of IT and the legacy tools.”