Tuesday, 26th May 2020

The state of IT security

The IT security landscape has changed over the last few years. Historically organisations focused their efforts largely around protecting against cyber attacks, focusing on how they could prevent a data breach, protect their data and systems. A large part of this approach centred on perimeter security, that is securing your network. By Scott Nicholson, director at Bridewell Consulting.

A change in focus

Today, however, with the advance of technology like cloud and smart devices, and trends such as BYOD and mobile working, the focus has shifted. Perimeter security is no longer as important because increasingly organisations have borderless networks. Now it’s more about protecting users and devices, instead of the network itself.

A typical way of doing this is adhering to these five elements that form a core part of risk frameworks used by the US body NIST, and the UK’s National Cyber Security Centre (NCSC).

1.Identify — identify the assets, systems and data that need protecting

2.Detect — implement ways to detect an attack

3.Protect — develop ways to protect against an attack

4.Respond — craft a plan to react to an attack

5.Recover — ensure the organisation can continue operations after an attack

Building resilience

This approach is also coupled with a move toward cyber resilience that provides organisations with a more holistic view of cyber security. More mature organisations are devoting time and effort to looking at how they can layer security and be more effective in responding to and recovering from an attack.

Security teams typically look at things like testing incident response services; detecting threats within the network; and using internal network segmentation and other controls to build strength in-depth.

Response and recovery

Red team engagements are one of the services that can be used to build this cyber resilience. Red teaming is a full-attack simulation that focuses on all areas of the organisation, from breaching networks and systems, to using social engineering tactics, and gaining physical access to premises and devices.

While red teaming helps organisation identify critical issues that need remediating, it can also be goal-led. These goals are developed between the security provider and the organisation and are then used to build scenarios to test incident response, for example. This could include increasing noise on the network by running aggressive port scans, starting to enumerate hosts, or changing group permissions in Active Directory – all of which should trigger incident response capabilities. In this way, the organisation’s security is being tested but so is their resilience and responsiveness of security teams.

Who’s winning?

There’s no easy answer to who is winning — attacker or defender. It’s an ongoing cycle because as technology advances and is used to boost security, it can also be used by attackers to improve attack methods and create new threat vectors.

Success for organisations therefore hinges on not just preventing an attack, but mitigating the impact of an attack and ensuring the business knows how to respond and quickly resume operations.

By Steve Rivers, Technical Director International, ThreatQuotient.
By Justin Augat, iland VP of Product Marketing.
By Martin Sugden, CEO, Boldon James.
As our world becomes increasingly interconnected, businesses and individuals are realising benefits...
Modern businesses are under pressure to deliver when it comes to the experience, they offer their em...
Common automation frameworks and the end of speed and security compromises. By Bart Salaets, Seni...
Connectivity as a concept has become an essential part of life, as opposed to just a luxury. The Int...