Cyber security – it’s not all ‘doom and gloom’
People hear cyber security and a pall descends on the room, as everyone expects the next utterance to contain some horrific story of intellectual property theft, financial embezzlement or massive digital channel disruption. Sadly, compromises do indeed occur on an all-too-frequent basis; however, the good news is that it is not all ‘Doom and Gloom’.
Attackers aim to compromise a target in the easiest and cheapest way possible: they actively consider their own Return On Investment (ROI) as they seek to achieve a commercial gain from their activities. Once this is understood, then the defence within an organisation can be marshalled and given direction.
Cyber security frameworks
With the increasing prevalence of cyber attacks, a range of government-sponsored frameworks (e.g. NIST & SANS 20) have been published, all aimed at suggesting structure around how any organisation can prepare its defence using best practice.
Once the chosen framework is adopted, scope can then be defined for each area and a set of controls developed, along with supporting technology, processes and integration into the Security Operations team.
Whilst it is extremely hard, and arguably impossible, to protect your organisation against the most determined adversary, it is possible to make the cost of compromising your organisation prohibitively expensive to attackers looking for easy gains. Even putting in place or enhancing some simple processes can result in substantial hardening of your cyber security and, potentially, that alone can deter a more casual attacker.
Sophisticated defensive solutions
As the technology used by attackers gets more and more sophisticated, so too does the commercial availability of defensive solutions. Much has been made recently of solutions leveraging machine learning and artificial intelligence to detect an attacker within an internal corporate network. These are very powerful and valid technologies; however, they are typically expensive. Each organisation has to determine the context of its digital assets and hence the true value being protected. With this Data Context Model in place, investments in these powerful new gold standard technologies can be deployed in a targeted fashion. With an organisation’s core assets protected, other assets can be defended using a bronze or silver solution, due to their lower criticality.
One of the most interesting technologies to recently become commercially available is electronic communications surveillance. This can detect the sentiment of an employee based on sophisticated analysis of their email, instant messaging and even telephony conversation transcripts. Over a period of time, changes in sentiment can be measured, the security controls applied to an employee flagged as higher risk can be increased, and a compromise hopefully prevented. There is definitely an element of Big Brother involved in the adoption of such technologies; however, without the cyber security industry making these innovations available to organisations, the attacker’s ROI will simply increase.
There is already a lot of assistance freely available to help every business organise its cyber defence, supported by continuous technology innovation. Even small changes to processes and/or technology adoption can make your defence sufficiently robust that the ROI of an attack becomes prohibitively low for all but the most determined adversary.
Steve Street
CEO, Tantallon