Intwo’s Cybersecurity Consciousness

BLOG

Intwo's Cybersecurity Consciousness

We’re still, just about, in Cybersecurity Awareness month, so we wanted to round up the coverage we’ve given it by talking about the fact we actually practice what we preach.

That’s right, today we’ll give you some insight into the cybersecurity awareness that Intwo promotes, and where we want to get to as a cyber-safe business for us and our customers.

As a business, we want to do quality work, and in the modern era, digital security is a huge part of it. It’s baked into everything we do, but that doesn’t mean we don’t actively try to improve it and make sure it’s reviewed and brought to the front of every team member’s mind. Today, we’re going to dive into how we have built cybersecurity awareness into our business, and how you could do it in yours.

It Really Is Important

Companies cannot afford to take the threat of cyberattacks lightly. There are plenty of examples in the news where large organizations are effectively brought to their knees by small but sophisticated groups of cybercriminals. For example, Maastricht University had unauthorized people inside their system for two whole months and was forced to pay €200,000 to get rid of them. Frankly, Maastricht University got lucky because 29% of organizations who pay ransoms still can’t recover their data once they’re rid of unwanted guests.

As part of our SOC 1 T2 audit, we have to have sufficient security policies in place that are designed to protect information and critical resources from a wide range of threats. These policies ensure business continuity, minimize business risk, and maximize ROI. The very purpose of our information security policy is to ensure the confidentiality, integrity, and availability of data and services for us and our customers.

Part of our approach is also built upon our Zero Trust Principles, which consist of the following:

  • Verify Explicitly – Always authenticate and authorize based on all available data points including user identity, location, device health, data classification, and anomalies.
  • Least Privilege – Minimize user access with just in time (JIT) and just enough administration (JEA) risk-based adaptive policies, and data protection which protects data and productivity.
  • Assume Breach – Minimize the scope of breach damage and prevent lateral movement by segmenting access via network, user, devices, and application awareness. Verify all sessions are encrypted end to end. Use analytics to get visibility and drive threat detection.

Cyber Goals

Awareness is the cornerstone of adopting a security mindset that carries through daily business activities. The digitization of everyday life has been accelerated by COVID-19 and now hybrid work is becoming the standard. But, none of that changes the fact that cybercrime doesn’t sleep, and so neither should your defenses whether you’re in the office or at home. With 95% of all successful cyberattacks caused by human error, every single person in our business has a role to play in the security of our data and privacy as well as that of our customers.

Organizations and VCs are increasingly looking at cybersecurity risks during business deals, including mergers, acquisitions, and vendor agreements. As a result, there are an increasing number of requests for more data about a partner’s cybersecurity program. We’ve seen it with our own clients, they are a genuine focus on security and safety in the digital ecosystem. The trends we’ve witnessed stack up more broadly as well, with Gartner research showing that 88% of boards now regard cybersecurity as a business risk rather than solely an IT problem.

Security, privacy, and governance should be baked into everything we do, not just bolted on. And that’s why, for 2023 and 2024, we aim to further improve the overall state of security and compliance at Intwo through a number of initiatives, including going for our SOC 2 and ISO27001 certifications. We want our global security posture and state of governance to keep pace with the ever-developing threats of cyber attacks, and allow us to always be in control. It requires focus, a dedicated team, and the right mindset, but we have all those pieces already in place, so we’re confident we’ll make it happen.

Want to make cybersecurity a focus for your business? Intwo can help with that, contact us now.

October 31, 2022

images
Dennis Schut - CISO & VP Global Cloud Technology

As the primary responsibilities, I develop and productize new services, redesign existing ones, and implement them on various cloud platforms. I also conduct market research, develop strategies, and lead the roadmap for service offerings. Additionally, as the CISO, I ensure the organization’s security by establishing and maintaining processes, policies, and practices to mitigate risks and respond to incidents across various domains.

GET IN TOUCH!

Let's get in touch and tackle your business challenges together.

images

We love a challenge.

images

Rest assured. We've got you.