As some parts of the world continue to struggle with the COVID-19 pandemic, others are starting to come to terms with a new way of working. There is much talk about some of these changes becoming permanent, including when it comes to managing cyber security.
During a recent “fireside chat” at the virtual Executive Leader’s event organised by one of Huntsman Security’s partners iomart (www.iomart.com), we spoke about an increasingly hybrid workplace and some potential changes in the way we manage security.
Some pertinent questions were discussed about how to handle the changing situation, given what we have learned from running businesses, often from home, for the last year or more. The questions and answers below guided the session.
For many businesses there was an increase in risk back in March 2020 that resulted from the sudden shift to remote access and working from home. In many cases these changes were made in haste: controls around user authentication were lacking, and the way endpoints were secured or provisioned was sub-standard. The adoption of cloud solutions such as Dropbox, Slack, Zoom, Google Docs and a variety of file sharing, collaboration and communication services, in some cases reliant on personal accounts, created a less well controlled environment than a properly planned IT cloud migration would typically ensure.
These rapid migrations were adopted in the short term to ensure continued business operations, but as businesses now look to their future requirements, the need to build more robust, controlled and auditable facilities will become a priority.
Specifically, we saw two major issues emerge in cyber security. The first was the uptick in phishing and malware activity designed to exploit the pandemic, combined with a lack of endpoint protection. This is part technical (endpoint controls having to account for home users' systems) and part human (with no one sitting next to you to say "Hey, does this look legit to you?"), and the phishers are exploiting the pandemic to increase click rates.
The second was a loss of visibility. Traditional monitoring relied heavily on gathering logs and records of activity from across the enterprise's servers, network perimeters, proxies, content gateways and application systems. When users and systems quickly moved to remote working, much of that activity no longer passed through those collection points, so visibility of attacks or misuse was lost and established operations processes stopped working as designed. Threat detection, response, incident handling and compliance reporting were significantly impaired because businesses were unable to adopt a flexible yet effective approach to security.
One year on, with lockdowns (and worse) still a reality in many countries, most (if not all) businesses are looking to retain the flexibility of a largely hybrid working pattern. Security therefore needs to address this potentially permanent digital transformation.
With effective cyber security becoming more challenging, there are signs of rapid growth in the Managed Security Services market as businesses seek the expertise of specialist firms to provide monitoring and managed threat detection capabilities. Sources report this growth is as high as 18% CAGR. This isn't due just to the pandemic; these figures are part of a longer term trend.
Security monitoring, both the technology and the processes, is complex, particularly if you are hoping to provide anything approaching 24/7 protection. In the past there was a view that with users, systems and networks on site, in-house teams were better placed than Managed Security Services Providers (MSSPs) to handle the operations burden. Now, as enterprise footprints are redefined and location constraints fall away, we can expect businesses to adopt security arrangements that support this shift to remote workforces and remote hosting.
The other reason of course is that security resources are still scarce, and the kind of deep technical knowledge to handle modern, advanced security breaches remains thin on the ground. For anything other than a large organisation, resourcing, equipping and maintaining a team in a cost-effective way is difficult.
Dedicated managed security providers have an advantage. They can amortise these specialist costs across multiple customers, and even leverage increasingly competent technology across multiple customer environments. This means that the expertise is better utilised and more cost-effective, as IT security workflows and playbooks are industrialised to share expertise and economies of scale across disparate client network domains.
The people wanting to steal data, plant ransomware or compromise your systems are organised, well resourced and clever. The advances in technical sophistication and capability by security and risk teams are rapidly mimicked and even bettered by cyber attackers operating in the almost parallel “black economy”. Morality and motive aside, their capabilities are everything you would aspire for your organisation – and your security team – to be: efficient, effective, skilled, creative and well-resourced.
Attackers will seek out weaknesses in configurations, patching, security controls and even user awareness. They will exploit any weaknesses quickly and without compunction. In some sense this has always been the case, but the stakes are now higher and more intense; and as we digitally transform our economies the target surface is only getting bigger. Security teams are being challenged on many fronts: more complex threats to defend against, the moving IT perimeter, broader IT governance obligations and an ongoing skills shortage.
There is a massive asymmetry between the defensive responsibilities of the security team and the efforts of an attacker. If you are defending networks, systems and data, the security team must implement controls that cover everything, all of the time. An attacker, in stark contrast, only needs to find one obscure vulnerability, even one that exists only briefly, to bypass your defences and undo your security efforts.
For those businesses that decide to outsource elements of security monitoring, threat detection and response, there are often common goals and desired outcomes. What capabilities and benefits can an efficient and skilled MSSP provide?
For businesses that want to outsource elements of security operations, a good MSSP with skilled security analysts and a well-designed technology stack can often provide capable, focussed and cost effective managed cyber security. They can look for trends or common problems across a range of customers, optimise the responses, create and refine playbooks and, in short, leverage cross-company insights to give their customers unique visibility of the security environment.
Other businesses, which wish to retain in-house operational capability, face the same choices around the technology stack and how to build an effective operations capability. The ultimate goals are the same.