Only the comprehensive approach brings reliable security

Every organization has the task to select the measures for its information security

Ralitsa Karamfilova:

Only the comprehensive approach brings reliable security
568 ~ 3 мин. четене

Ralitsa Karamfilova is Strategic Development Manager at Lirex. She has held this post for the past 2 years and has been part of the company's management team for almost 10 years. She has been in the roles of Sales Director and Marketing Manager as well and in her current post is working on building a consistent vision and approach in the Marketing and Sales Departments, as well as on the overall development of the company in the long run. Ralitsa holds a Bachelor Degree in Business Administration from the University of Washington, USA, and a Master Degree in Executive MBA from the American University in Bulgaria.

In a time of rapid development and use of information technology, companies and organizations are coming to realise that cybersecurity is something that cannot be ignored. Actually, information security is a broader concept - besides protection against threats and malicious attacks, it also includes many other aspects related to data and its availability, accessibility, and integrity. In our view, this key moment is underestimated. Technologies need to be protected from attacks, but there are many other measures, related to policies and procedures that should be taken. For example, anyone from a company’s team can accidentally fall victim to attacks, so they must be well trained.

Our recommendation to companies is not to focus just on cyberattacks, but to look at data protection as a comprehensive process related to risk assessment. It sometimes happens that companies take measures for things that are not high-risk but miss out on more critical measures, which in turn results in large financial losses and decreased customer confidence. To be effective, information security has to be viewed in its integrity.

A Security Operations Center is the most recent service we developed at Lirex. This is our unit consistently involved with our clients' security. At this center, we identify every alarming IT incident and the experts working there ensure that it is properly recorded, analysed, reported and investigated. We monitor for potential cyber-attacks or events and determine if it is a real malicious threat or incident and whether it could affect our client's business. This unit helps to detect braches or attacks in a timely manner and respond appropriately if such exist.

Data back-up is also an area that is often underestimated. The focus is on cybersecurity and overall information security is pushed in the background. Most companies create and maintain an archive, but no one knows if it actually works properly, how secure it is, and what time it takes to recover data in a critical situation. It is therefore advisable to perform tests, for example, to avoid unpleasant surprises and financial losses in the event of a breakdown. We help organizations have a well-functioning back-up systems, recommending not only technological but also organizational measures.

At Lirex, we strive to have a consultancy approach to information security and offer a comprehensive portfolio of consulting services. It includes risk assessment, audits, and analysis. Our objective is to be of maximum use to our partners or clients. It is important for us to properly select the mix of services in order to deliver the highest value to the client. Lirex stands out in the market with its consulting approach and the selection of solutions that are tailored to each of our clients.

Sofia CyberSec 2020 will be attended by many international vendors who will introduce their solutions. This will assist businesses and organizations to find out what the problems are, what is offered on the marketplace, what are the trends. Protection technologies will be discussed, but again I would like to draw attention to the comprehensive approach that makes protection effective and reliable.