Covid-19’s disruption didn’t leave the IT world behind, as we have witnessed a mass migration to remote work and the adoption of cloud systems. Many companies weren’t ready in the slightest for this true digitization, and probably aren’t yet today. There are two consequences to this abrupt change.
A huge increase in the demand for digital services, from online communication to the use of VPNs, the return of BYOD to networking and distance learning platforms. This presents many more opportunities for data breaches and attacks.
The awareness, by the IT sector, that the balances and cybersecurity strategies that had been useful until a few months prior, weren’t enough anymore.According to recent research by Proofpoint, 85% of Italian CISOs believe that employees can make their company more vulnerable to a cyber attack.
It’s also worth mentioning that criminals take advantage of the moments of the greatest vulnerability of the victims to strike, which is why we have witnessed an explosion of phishing and malware campaigns and we have recorded an increase of up to 300% of phishing attacks since February 2020 (mostly in the form of information or resources related to COVID-19).
How Imagicle handled the situation: ISO 27001.
Security has always been one of the pillars of Imagicle’s product strategy. In March 2020 we closed our offices and within a couple of days, all 100+ Imagicle employees were fully operational remotely. This was possible because we were ready for remote work, and our company was already using advanced digital services. Faced with this evidence, Imagicle has decided to further invest in the security of employees and work tools. It was only natural for us to pursue a path that would lead us to improve our security practices, for customers, partners, and colleagues. We wanted to show that we care about it. We have therefore invested heavily in security since 2020, both internally and in regards to our products and services. We have started a path to improve our security posture, a path aimed at achieving the international standard on safety, namely ISO 27001. We’re talking about a certification that is not easy or fast to obtain. It requires a commitment that not all companies are yet ready to make; in fact, the number of companies that got the ISO 27001 certification isn’t that high, yet. In the second quarter of 2021 we have achieved the desired results, and today Imagicle is pleased to announce that we have been recommended for ISO 27001 accreditation. This comes following the successful implementation of our Information Security Management System (ISMS), and the completion of a full audit.
There are two things to consider. The first thing is that Information security is a business problem, not an IT problem. The second thing is that anything that can be digitized is being digitized, so access to information and anything that is connected presents a far greater risk to society than ever before. Implementing an information security management system will provide your organization with a system that will help to eliminate, or at least minimize, the risk of a security breach that could have legal or business continuity implications. Certification is fundamentally about providing trust and confidence, and these can provide a competitive edge. It demonstrates a clear commitment to Information Security Management to third parties and stakeholders. And in today’s world, our customers, business partners, and shareholders want to be sure that you’re not putting them or their businesses at risk by not having appropriate safeguards in place around information and technology-enabled business assets.
We all know what ISO 27001 is, but do we really know what the benefits are?
ISO 27001 is the de facto international standard for Information Security Management, and among many other benefits we can mention:
it demonstrates a clear commitment to Information Security Management to third parties and stakeholders because it increases reliability and security of systems and information by providing a framework to ensure the fulfillment of commercial, contractual, and legal responsibilities, thus strengthening business resilience;
it provides a significant competitive advantage, and can effectively be a license to trade with companies in certain regulated sectors, thus helping to win new business and sharpen your competitive edge;
it improves management processes and integration with corporate risk strategies, improving structure and focus and reducing the need for frequent audits;
it complies with business, legal, contractual, and regulatory requirements, helping to avoid the financial penalties and losses associated with data breaches;
it allows obtaining an independent opinion about your security posture.
Back to the Imagicle certification specifically, you can read our purpose and field of application in the certificate: “Design, development, sale, and support of software solutions and services for Unified Communication and Collaboration platforms”. As you can see our certification is not just about our “IT”, but for the whole organization. From the design of our applications and services to their development and release. We have certified our products, our services, both internal and external. But we have also certified how our sales, support, and advanced services teams work. In short, the entire organization has been certified as adequate to the ISO 27001 standard.
So what will change for customers and partners?
Well, nothing so obvious in daily work. But it is important to be aware of working with a company that treats our data with the greatest possible attention, according to the highest global standards. The awareness of working with a company that develops products in which the security paradigm is “security by design”, the awareness of using a company’s services that comply with hundreds of regulatory security controls.
Is this a small change?
Consider that in the current climate, Coronavirus, as said, has caused a vast increase in the use of online communication and services, and this presents many more opportunities for data breaches and attacks. It’s therefore surprising that only 15% of businesses have considered the risks they are exposed to through their immediate suppliers and only 9% have considered effects due to their wider supply chain, according to ITGovernance.co.uk. This suggests that most businesses will still be vulnerable to data breaches through inadequate vetting of the businesses in their own supply chain. However, following Imagicle’s accreditation under ISO/IEC 27001:2013, organizations can now enhance their own commitment to security by selecting Imagicle as a partner and supplier!
Enabling flexible working options for everyone isn’t just about providing the right work tools. It’s also about making sure that those work tools are secured and protected against vulnerabilities. Obtaining the ISO 27001 certificate serves as proof that Imagicle cares about your data, and won’t tolerate any breach or abuse. But of course, we won’t stop there. The quest to improve our security framework has just begun and it will continue!