[BreachExchange] The New Cyber Security Ecosystem
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Mar 17 10:13:29 EDT 2017
http://www.itsecurityguru.org/2017/03/14/new-cyber-security-ecosystem/
When one compares cyber security today to what it was ten years ago, the
two are almost unidentifiable as the same industry. The iPhone had only
just launched; Facebook was still in its infancy; the Internet of Things
(IoT) was still a dream. The routes a hacker could use to access a system
were limited, and because of this, cyber security was built around walls.
One was encouraged to block attacks with firewalls and other perimeter
security that could be plugged into existing systems. There was no wider
strategy, with little thought given to what would happen if those walls
were breached. This created a very segmented landscape, made up of a
multitude of different products, all with varying capabilities and from
different suppliers.
Today’s landscape is utterly different. The routes into a system are so
numerous they are impossible to police effectively, with the IoT making
this problem greater by the day.
Yet this same technology that is causing a headache for cyber security
professionals is the exact same technology that can help drive a business
forward. Consider the transformational potential of IoT. Data between
previously distant departments or operations can now be collected, shared
and used automatically, dramatically improving the efficiency with which
those two business areas work.
The consequences for cyber security, however, are serious. Access across a
large multinational corporation’s systems can be gained through one chink
in the armour of one small department. Recent hacks have shown this time
and again. The hack against Target, one of the biggest ever and responsible
for the loss of details of 110 million customers, stemmed from a phishing
attack on a contractor. USB sticks infected with malware are an
ever-present threat; once plugged in, hackers quickly spread throughout an
organisation’s system and begin to do serious damage. This has been proven
to chilling effect in the health sector, where patient monitors have even
been accessed.
To counter this, the cyber industry must work to develop a security
protocol – a standard – that can operate effectively across all different
elements of modern, large-scale computer systems; a system of systems. Such
a protocol will allow for the effective identification and quantification
of any security and privacy issues in any part of a business’ IT systems.
Other industries have used similar models of ever-present testing and
evaluation to ensure their services are as rigorous as can be. Engineering,
constantly evolving since the industrial revolution, is built upon testing.
From product design through to end-of-life decommissioning, the industry
constantly tests the performance and capabilities of its devices.
A system of systems will allow cyber security to do the same. All parts of the
IT supply chain, from the service provider to the OEM; the management
consultancy to the market researcher; all will be able to scrutinise their
business operations from a cyber security standpoint, and all to the same
high level of quality.
This will align with and be underpinned by the National Cyber Security
Strategy, supported by the NCSC. It aims to create an “ecosystem” of
“innovative and thriving cyber security” by bringing together the “best
minds from government, academia and the private sector” to deliver this
system of systems, solving the issues presented by a divergent and complex
online world. It will be the beginning of a new era of cyber security
protection, based not on unrealistic goals but on our ability as a nation
to mitigate and minimise risk through collaboration. It will give the UK
and its population assurances that its data and systems are safe and the
base from which a successful digital economy can flourish.