Modern Cyber Security: Purpose built, Innovative and Future-proof

What does modern cyber security look like?

It's a powerful yet simple combination of:

a) purpose-built technology with automation,

b) competent people with industry know-how,

c) functional processes,

d) workable data and

e) an environmentally friendly approach.

Modern cyber security doesn't necessarily mean fancy, expensive technology, highly skilled but opinionated people, immediate ROI, stringent processes, or clusters of big data.

To be truly defined as modern, today's organisations need to be nimble and flexible in their business approach, harness technology and innovation, inspire people, future-proof themselves against ever-evolving industry trends, and be environmentally conscious in their decisions.

As cyber crime increases in sophistication, organisations are looking for modern cyber security solutions that can keep up. In this article, we'll explore how organisations can harness people skills, innovative tech, and automation to be truly defined as modern.

As we move further into the 21st century, cyber security becomes an increasingly important issue. Businesses must naturally take steps to protect their data and networks from cyber-attacks. Many people think of cyber security as involving expensive technology and highly skilled experts. However, this is no longer the case. In today's world, businesses need to be innovative and flexible in order to stay secure. We will discuss some of the ways that modern cyber security is changing and evolving.

Purpose-built technology with automation

Organisations are under constant cyber-attack, and the traditional security model of relying on humans to manually identify and protect against threats is no longer feasible. To keep pace with the evolving threat landscape, organisations need to leverage technology and automation. Modern cyber security solutions are purpose-built to address the unique challenges of today's digital environment. They use some modules of artificial intelligence or machine learning to identify and block even the most sophisticated cyber threats. By investing in modern cyber security solutions that drive automation, organisations can future-proof their business and protect their critical data from cyber criminals.

Competent people with industry know-how

It is quite evident that the best cyber security strategies or plans set by forward-thinking companies involve brilliant people. They are one of the main pillars of effective cyber security. Since it's all about protecting people and data, understanding the psychology of humans is key. Globally, 90% of breaches happen due to human error or phishing and social engineering tactics. This is sadly on the increase, which reaffirms why we need people with greater understanding to combat it, provide greater defence and future-proof it.

Functional processes

People, technology, and data combine to form processes that drive successful businesses and enable compliance and regulatory requirements. Getting the balance of a process right in an organisation can take months and even years if it is not agreed internally across all stakeholders in the business. However, the aim of any process should be to support business operations and people effectively and comply with industry regulations. Anything that doesn't serve this purpose should not be part of the process, as it then becomes irrational and will get neglected by people. Processes should therefore be functional enough for companies to adapt, simple enough to comply with, and ultimately serve the business' vision. Businesses aspiring to ISO27001, PCI DSS, HIPAA or any such standard should understand the value that such a framework brings to the business and to their customers and suppliers.

Workable data

If the officers of information technology, information security and audit teams don't have adequate data to measure and manage, there will never be an effective cyber security strategy. These defenders need access to business data, and to identify and classify such data, appropriate tools will need to be implemented with continuous monitoring and notification. Businesses must be able to identify the types of data they store or have in transit. It is therefore imperative that data is classified as private, public, or confidential. Classification rules, policies and access restrictions must be set up to prevent data breaches by error or intention.

Environmentally friendly approach

Businesses can consider more digital meetings, which can help limit employee travel to the office and to conferences or client meetings. Evaluate existing business processes and procurement policies around the buying and disposal of hardware. Recycling hardware and buying used phones result in a low carbon footprint. Unorganised emails can account for kWhs of electricity every day that could be saved. Using smart technologies such as sensors and thermostats in the office to monitor the lights and temperature is a good start. Resorting to digital signage can have a better impact.

The reality

The past few years have seen an uptick in cyber-attacks from nation-sponsored groups and hackers. They have become increasingly sophisticated and destructive. In many cases, these attacks are carried out with extensive resources and knowledge. There have been a number of high-profile cyber security breaches. Advanced persistent threats (APTs) are another type of cyber-attack that is on the rise and can be particularly difficult to defend against. These attacks have exploited security vulnerabilities in order to gain access to sensitive data. Some of the most notable cyber-attacks include:

- The WannaCry ransomware attack, which affected over 200,000 computers in 150 countries. It targeted computers running the Windows operating system and encrypted users' data, demanding a ransom for the decryption key.

- The Petya/NotPetya malware attack, which used a similar approach to WannaCry but was more sophisticated and destructive. It caused widespread damage, particularly in Ukraine where it originated.

- The Equifax data breach, which resulted in the personal information of over 143 million people being exposed. The attackers gained access to Equifax's

There are several reasons for this increase in cyberattacks. One reason is that hacking tools and techniques have become more sophisticated. This means that hackers can now target more vulnerable systems with greater success. Another reason for the increase in cyberattacks is that security vulnerabilities have become more commonplace. This is due to the fact that many organisations do not invest enough in cyber security. As a result, their systems are more vulnerable to attack.

When it comes to cyber security, businesses can't afford to take risks. By taking steps to prevent cyber security breaches, they can protect their customers, their reputation, and their bottom line. Organisations must also be aware of security vulnerabilities that can be exploited by cyber criminals. These attacks highlighted the importance of cyber security and the need for organisations to have robust cyber security measures in place.

Some useful advice

We know it’s easier said than done for businesses that are striving to operate in this volatile, uncertain, complex, ambiguous (VUCA) world. So where can businesses start? Well, in the famous words of Winston Churchill: “He who fails to plan is planning to fail.”

Businesses that wish to start somewhere can take the simple steps below:

1 – Set up a strategy and road map for the business and then align the cyber security strategy with that business vision. Remember, information security is all about protecting people and, in a business context, data.

2 – Once you set up a strategy and road map, agree on a baseline and break it down, start implementing and monitor the progress as you go.

3 – With every step you take you will notice improvements in processes, people, and technology. Do remember to practise it consistently with your team and ensure they comply with the set processes or policies.

4 – Cyber security is a continuously evolving process and is never a one-off thing. As long as you have a business you will continue to need cyber security.

5 – Invest in the right people and necessary technology to support the above strategy.

The mindset is to understand that cyber security is an investment, not a grudge purchase or an expense. As long as your business has this perspective you will thrive. Especially in today’s world, where there is a breach every hour, it's not a matter of ‘IF’ but ‘WHEN’, and the sooner businesses understand that, the better.

Despite the increasing threat of cyber attacks, there are a number of steps that businesses and individuals can take to help protect themselves from cyber-attacks, but it is important to remember that no system is 100% secure. Cyber security breaches can happen to any organisation, no matter how large or small, so it is important to be aware of the risks and take steps to minimise them. Some essential guidelines are as below.

1. Implement an Identity and Access Management (IAM) solution

In order to properly secure your data and systems, it is critical to have a robust identity and access management solution in place. This will help ensure that only authorised users have access to sensitive information and that all activity is properly logged and monitored.

2. Enhance remote working security

With more employees working remotely, it's important to shore up security around VPNs, mobile devices, and cloud-based applications. Make sure your team is trained on how to use these tools securely and that policies are in place to prevent data breaches.

3. Train employees on cyber security best practices

It is important to educate all employees on cyber security best practices, such as proper password management and how to spot phishing emails. By raising awareness and providing training, you can make your organisation much less vulnerable to attack. One of the best ways to protect your organisation from cyber-attacks is to educate your employees on cyber security risks and best practices. Consistency is key and monthly or quarterly programs should be introduced.

4. Strengthen your supply chain security

Your organisation is only as strong as its weakest link, so it is important that you vet your suppliers carefully and ensure that they have appropriate cyber security measures in place.

5. Cloud security management and visibility

Ensure you have excellent visibility of your cloud infrastructure, and run configuration reviews, posture management and security assessments. Continuous monitoring would be required to cover all shadow IT practices by employees.

6. IoT and OT security adoption

Companies have a significant amount of devices and technology these days that depends on the

7. Cyber liability insurance

A company without cyber liability insurance is like a car driving on the road without car insurance, waiting for the inevitable to happen. This is so crucial in today’s world. Businesses should add this to their existing indemnity and liability insurance covers.

8. Great harmony and no conflict approach between IT and Cyber security functions

They must both work together. CIOs, CTOs and CISOs should align in their vision.

9. Board empowerment

Security should be one that empowers and inspires the board.

10. Research and Invest

Perform adequate due diligence and invest in appropriate cyber security technology and automation.

Words Of Wisdom

- Control the urge to spend on unwanted cyber security tools.

- Establish a tailored strategic road map for your business.

- If your security controls aren’t holistic, you are only halfway there.

- Research and analysis should be your first step in establishing your security road map.

- Build relationships with stakeholders and get their buy-in.

- Tools only bring a false sense of security unless they are governed, tailored, and optimised for performance to align with your business objectives.

- Good cyber security is connected across the whole spectrum of the infrastructure: endpoints, network, email, web, cloud, applications, 3rd party tools, physical security, and people.

Summary

The main purpose of any cybersecurity strategy should be to protect the organisation's people and data and to align with business objectives. Security exists to protect businesses and their people, not the other way around. Technology vendors, tool creators and cybersecurity experts must understand that right from the ecosystem level, and only then enter the market with an appropriate approach to businesses and people in general. Unfortunately, we see tech vendors approaching the market with a convoluted approach that simply resolves one part of the whole issue and does not address the most basic challenges that businesses face.

The approach should be to enable people and businesses. The current market approach, where vendors use tactics such as scaremongering or instilling fear, doesn't empower the people in charge of these businesses to take actionable steps. Board members and management really need to be empowered and inspired in a way that lets them see the strategic business sense in investing in cybersecurity.

Advanced technology and automation-led cybersecurity providers can therefore make businesses more resilient against today's cyber threats. There are certainly some fantastic cybersecurity experts who can make a massive difference to these businesses. These experts should be working with these businesses to set up a 12-month, 36-month or 60-month strategy that is ever-evolving, flexible and in line with the business objectives.

That’s the true approach to modern cyber security, where value and benefits come before commercials.

Monikaben Lala

Chief Marketing Officer | Product MVP Expert | Cyber Security Enthusiast | @ GITEX DUBAI in October

1 year ago

Sanjiv, thanks for sharing!

Manohar Lala

Tech Enthusiast| Managing Partner MaMo TechnoLabs|Growth Hacker | Sarcasm Overloaded

1 year ago

Sanjiv, thanks for sharing!

Harshil Gohil

OSCP | eWPTX | CEH | Penetration Tester at Microminder Cyber Security

2 years ago

Well said, thanks for sharing!