As remote work becomes the norm and individuals and organisations put more information (and their personal lives) online, the risk of cyber-attacks continues to increase. From stolen identities to malware and even ransomware, it’s clear that investing in cyber security is and will continue to be a critical part of an organisation’s technology infrastructure.
“Information has value,” explains Lorena Saenz Moreira, Palladium Global Head of ICT. “Whether it’s an organisation’s internal information about their activities and staff, or information that’s been entrusted by clients, all of it has some sort of value.” That value is what hackers are often looking for, and one of the many reasons Palladium began the process of achieving ISO27001, the international standard certification of managing information security.
“We’re committed to excellence across the organisation and achieving this is certified evidence that we’re committed to information security,” says Moreira. “This applies both to our information and the information entrusted to us by our clients, ensuring that it’s protected in the most secure way possible.”
She explains that receiving the certification doesn’t happen overnight but that the team was able to finalise it in about nine months, far quicker than the two years that many organisations with Palladium’s geographic size and spread take to complete the process. She credits the team’s years long commitment to information security in creating a smooth process for the certification and the accompanying audit.
“We were able to achieve it so quickly because of the foundational work on information security we’ve put in place in previous years,” Moreira describes. “We committed to it seriously several years ago and have been working on it a number of years to ensure we have the proper measures in place. Now we have the icing on the cake with the certification.”
Ransomware is on the Rise
She explains that ransomware attacks are on the rise and that their costs are increasing by 36% annually, with an average cost of US$6 million per attack. “Anyone and everyone is being targeted by these types of attacks and as our business continues to grow, we’ll have to fend off different types of attacks, from people trying to compromise passwords to phishing attempts.”
“Will a big ransomware attack happen to us,” Moreira asks? “It’s unknown, but that’s why we keep the standard for the certification, so that we can and will do everything possible to protect our data from hackers.”
Moreira stresses that the certification is a critical part of the organisation’s commitment to both existing and future clients, and that any project Palladium implements is protected by the strict processes her team has put into place.
“We’re extremely proud and happy but this is not by any means the end of the journey,” she adds. “The ISO27001 certification is verification, but information security work never ends—it’s a process that is ever evolving, new threats are always appearing, and you need to adjust and ensure that everyone across the organisation is committed.”
“We Have Your Back”
She notes that the certification is a company-wide achievement. “Every time someone completes our trainings, reports a phishing attack, or is simply aware and manages information properly, they’re contributing to this.” This is only the beginning of the journey and each year, there will be audits to ensure the team is keeping to the standards set by ISO27001 and have the opportunity to address any areas of improvement.
“We tell our clients, ‘We have your back’,” says Ricardo Michel, Palladium Senior Managing Partner. "USAID and other key clients are prioritising digital solutions, even as cyber-attacks continue. Our certification allows them to trust that the work we do and the way we do it limits their risk."
Moreira adds that achieving this standard is a clear signal that the team can handle, and handle properly, more complicated and sensitive data. “We now have evidence certified by external auditors that we are ready for more complex data and can be trusted with it. This is about growth, and we want to be here in the long run, not just the immediate future.”
For more information, contact firstname.lastname@example.org. Read related article: The Hidden Carbon Costs of Technology.