As most of you already know, October is National Cyber Security Awareness Month (NCSAM). The aim of NCSAM is to raise awareness across the international community about cyber threats, discuss best practices, and educate the public and private sector on how to stay safe online.
Cyber Security is promoted extensively during this month, and many events are being organized with the purpose of engaging and educating public and private sector entities while providing them with the necessary tools and resource to stay safe when connected online. Given the opportunity, let’s talk about the UK’s cyber security clusters and how you can engage, participate, network and most importantly ask any questions that you currently have regarding your organisation’s cybersecurity posture and staying safe online.
In the UK, the South Wales Cyber Security Cluster is the largest cluster, as it has as many members as all the other clusters in the UK combined. The cluster has been formed under the umbrella of the UK Cyber Security Forum by a number of cyber security-focused businesses and information security experts.
The aims of the cluster are two-fold. Firstly, it is to support members by communicating National and International initiatives and trade opportunities, providing a networking platform to share ideas and best practice, encouraging collaboration, and identifying partnership opportunities so that small cyber security specialist businesses in Wales can find new ways to grow.
Secondly, it is to support the Welsh Government’s commitment to cyber security (and UK Government’s Cyber Security Strategy) by building cyber security knowledge, skills and capabilities in the region, to make businesses more resilient to cyber attacks, and to make the region one of the most secure places in the world to do business.
So, our first tip for NCSAM is for you to find out when the next meeting is for your local Cyber Security Cluster and seize the opportunity to attend.
Boards of directors and executives worldwide have started realizing that cyber security is actually a prominent risk issue with devastating outcomes in most cases. Data breaches, compromised networks, and significant loss of revenue due to security vulnerabilities is almost a daily story in the news, especially when it comes to high-profile targets that affect millions of customers. The forthcoming GDPR is a regulation that focuses on raising the bar in the way cyber security is perceived worldwide and more specifically when it comes to protecting data being stored and transported within the EU but also for any business that sores EU customer data in geographic locations outside the EU.
A holistic approach is needed
There is no silver bullet when it comes to security, but this should not be used as an excuse when it comes to protecting the mission critical systems of an organization. When it comes to cyber security, companies tend to narrow the scope and usually focus only on protecting selectively high-value assets in order to stay within their allocated budgets. This practice has worked for years, but carrying it on to a fast-evolving threat landscape where systems and services are exponentially more complicated to what they used to be has already started introducing cracks and weak that which are not visible or easily spotted.
Effectively, trying to use security in an ad-hoc manner, here and there, ends up being more expensive than anticipated and in most cases creates a false sense of security. This kind of tactic only allows companies to turn a blind eye to what the real problem is. In fact, according to the Center of Internet Security a significant percentage of cyber-attacks, up to 80%, can be prevented with just a few simple proactive measures and a preventive culture within the organization.
Focusing towards Cyber Resilience
Cyber resilience may sound just like another buzzword being used by the information security industry. However, there is a deeper meaning and reasoning why cyber resilience is the way forward. The first reason is that it’s a holistic approach for your organization’s cybersecurity posture. The second reason is the results of having a holistic approach when it comes cybersecurity, especially when it can reduce your expenditure and thereby allow you to stay within budget while upgrading at the same time to around-the-clock systemic visibility and real-time response.
An action plan to protect an organization under a holistic approach is not a trivial task. It is, however, feasible when the requirements are put into a realistic perspective and are broken down into individual steps.
Each department throughout an organization (IT, sales, finance, legal, marketing, HR, etc.) needs to come together and discuss their common enemy, which is none other than evolving cyber threats and cyber criminals. This can only be done when the organization’s cyber security posture is treated in a systemic way by identifying the gaps and risks across the whole business.
If necessary, consult an external cybersecurity expert who will review the organization’s cyber risk profile and assist the decision maker to understand where they are standing. In some cases, this discussion starts with reviewing the results of a cybersecurity awareness assessment that leads to proper training and then breaks down to the specific needs of each department participating the review process.
Devise a plan
You can do this by hypothesizing attack scenarios; developing a good idea on what is exposed, what particular type of attacks can affect the organization, which devices are you high-value targets, and what kind of vulnerabilities are present; and assessing the impact in each scenario. This process not only sets the foundation for constructing a proper response plan, but it also determines the recovery process within an acceptable time frame for the business. Furthermore, this process highlights any hidden weak points, vulnerabilities that slipped through the cracks, and most importantly what needs to be reviewed further. At this stage, engaging with a third-party expert allows for a faster, better, efficient and effective adaptation to emerging cyber threats, reducing dramatically the risk of being targeted or even breached.
It is not possible to know for sure or predict emerging cyber threats and the effect they will have to the business (e.g. lost revenue, reputational harm, stock price decline). Having rough estimates provides a far more realistic idea to what is at stake, the consequences of unrealistic expectations, and up to what level risk should be considered acceptable.
The outcome at this stage will further assist an organization when it comes to deciding the right cyber insurance coverage. In the meantime, the mitigation strategy will involve all the necessary steps to determine what is the greatest threat depending the particular nature of the organization up to what level it can be mitigated and how and what specific investments are needed in order to avoid unnecessary future costs.
Decision makers should take into account that security is not an out-of-the-self product and that more money being spent doesn’t necessarily improve security. Consequently, when it comes to investing in a solution, a product, or a service, what matters the most is how adaptive and scalable that solution can be in order to meet any specific needs set forth rather than introducing a false sense of security instead. The secret in this stage is not to try to introduce solutions here and there to meet individual security and regulatory requirements that inevitably will increase the overall cost but approach the problem in a holistic attitude. Utilize the expertise of third-parties and discuss how their solutions can assist in that challenging task, how adaptive they are, what kind of flexibility they offer in this fast evolving threat landscape, what is the added value, and most importantly how will it keep everything within budget.
Being able to become cyber resilient is a task that requires the efforts of many parties from within the same organization and often third parties. The aforementioned steps put into perspective what needs to be done today, in order to avoid any claims or negligence following a potential breach, and display clearly the necessary due diligence in this era of fast-evolving internal and external cyber threats.
Most cyber criminals are opportunistic in that they target low-hanging fruit. The security industry’s professionals and experts are tasked with the challenging task of protecting a vast amount of heterogeneous information systems against a chaotic cyberwarfare taking place between threat actors and defending parties. By focusing on a cyber resiliency strategy today, security professionals can better defend what is already in place, provide them with the tools to detect and respond in real-time around the clock, and recover in the unfortunate event of a breach.
About the Author: Dr. Grigorios Fragkos is the Head of Offensive Cybersecurity for DeepRecce, leading the team that offers advanced attack and penetration services. He has a number of publications in the area of Computer Security and Computer Forensics with active research in CyberSecurity and CyberDefence. His R&D background in Information Security, including studies on applied CyberSecurity at MIT, along with his experience in the CyberDefense department of the Greek military, is invaluable when it comes to safeguarding mission critical infrastructures. Written the next generation SIEM as part of his PhD research with “notional understanding” of network event for real-time threat assessment. Public speaker in a number of information security conferences worldwide. Follow: @drgfragkos.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.