Sunday, 20th October 2019

The state of IT security

The IT security landscape has changed over the last few years. Historically, organisations focused their efforts largely on protecting against cyber attacks: how they could prevent a data breach and protect their data and systems. A large part of this approach centred on perimeter security, that is, securing your network. By Scott Nicholson, director at Bridewell Consulting.

A change in focus

Today, however, with the advance of technology like cloud and smart devices, and trends such as BYOD and mobile working, the focus has shifted. Perimeter security is no longer as important because increasingly organisations have borderless networks. Now it’s more about protecting users and devices, instead of the network itself.

A typical way of doing this is to adhere to the five elements that form a core part of the risk frameworks used by the US body NIST and the UK’s National Cyber Security Centre (NCSC).

1. Identify — identify the assets, systems and data that need protecting

2. Detect — implement ways to detect an attack

3. Protect — develop ways to protect against an attack

4. Respond — craft a plan to react to an attack

5. Recover — ensure the organisation can continue operations after an attack

Building resilience

This approach is also coupled with a move toward cyber resilience that provides organisations with a more holistic view of cyber security. More mature organisations are devoting time and effort to looking at how they can layer security and be more effective in responding to and recovering from an attack.

Security teams typically look at things like testing incident response services, detecting threats within the network, and using internal network segmentation and other controls to build strength in depth.

Response and recovery

Red team engagements are one of the services that can be used to build this cyber resilience. Red teaming is a full-attack simulation that focuses on all areas of the organisation, from breaching networks and systems, to using social engineering tactics, and gaining physical access to premises and devices.

While red teaming helps organisations identify critical issues that need remediating, it can also be goal-led. These goals are developed between the security provider and the organisation and are then used to build scenarios to test incident response, for example. This could include increasing noise on the network by running aggressive port scans, starting to enumerate hosts, or changing group permissions in Active Directory – all of which should trigger incident response capabilities. In this way, the organisation’s security is being tested, but so are the resilience and responsiveness of its security teams.

Who’s winning?

There’s no easy answer to who is winning — attacker or defender. It’s an ongoing cycle because as technology advances and is used to boost security, it can also be used by attackers to improve attack methods and create new threat vectors.

Success for organisations therefore hinges on not just preventing an attack, but mitigating the impact of an attack and ensuring the business knows how to respond and quickly resume operations.
