Our cyber security products span from our next gen SIEM used in the most secure government and critical infrastructure environments, to automated cyber risk reporting applications for commercial and government organisations of all sizes.
We continue to see instances of “cyber security own goals” – i.e. security failures at companies that either should know better (probably an overly harsh criticism when they face a determined, targeted attack) or that were founded on the basis of providing greater security or trust, but are then found to be fallible just like other businesses.
Past examples would be the well-publicised incidents and cyber security data breaches at the US National Security Agency or at security firms Symantec and RSA, but also these cases of cyber security failure and cyber security risk being realised:
Without trying to be critical or singling out any particular organisation, these cases show a number of things:
In both the Kaspersky and LastPass cases, the analysis of the issue and the level of understanding of what had happened, how it had happened and the implications (including for users) were promptly published and showed a high degree of technical and business understanding – this is a welcome change from some past breaches where delays, denials, obfuscation and vagueness have been more the order of the day. From May 2018 onwards, under the GDPR, organisations in Europe, for example, will need to have a clear understanding of an attack within just 72 hours.
The challenge, of course, for many organisations without the security focus or technical expertise of these industry players, is their ability to detect, diagnose and understand how a breach is affecting them.
This problem is part technology (the right solutions with the right capabilities that are configured to do the right things), part business case (the right levels of investment in prevention, detection and response), part people (both number and skills) and also the recognition that breaches are unavoidable. It’s the way they are handled that matters – this is a mindset change.