Cybersecurity is part of my daily work – whether it’s discussions on forums, training customers or consulting for companies. Many of these companies come on their own initiative, others because legislation, in the form of the amended Cybersecurity Act, requires them to. Whatever the reason, the important thing is that they are taking a proactive interest in security.
Foreign parent companies of Slovak firms often do not address the cyber resilience of their subsidiaries, let alone recognize the need from a legislative standpoint. Either they do not consider it a priority or they rely on a centralized security model. Neither approach holds up today. The modern IT environment is dispersed and dependent on cloud, IoT and remote working. Centralized solutions are losing efficiency and, more importantly, pose a risk. If an attacker gets into one central point, they can gain control of the entire system.
Network segmentation is therefore not just a technical recommendation, but a fundamental principle of resilience. Attacks cannot always be prevented, but we can slow down the attacker, limit their movement and buy time to react.
This is where a simple analogy often helps me. Imagine if a company only had one common passcode for all rooms. That sounds absurd, doesn’t it? In reality, everyone only has access where they need it. If someone steals or breaks the code, they only get into one office or meeting room. Every other room is a new challenge.
And that’s exactly what segmentation is all about – creating layers of protection that slow down the attacker and force them to leave footprints. The more obstacles, the greater the chance of being caught by security operators, an alarm or a guard dog.
Companies have plans in place for fires or floods and rehearse how to respond in a crisis. The same approach should be standard in cybersecurity. Because resilience doesn’t come from paperwork, it comes from being prepared to act.