Security has always been paramount to the long-term success of an organisation, but in recent years the complexity involved in achieving it has become a great concern.
We are living in a time where a holistic approach to security is a necessity, as perimeter-based defences and traditional anti-virus methods are no longer sufficient to prevent attackers from penetrating key systems. What can we do today to begin to provide the level of protection necessary to defend against the growing variety and volume of cyber threats?
We can start with four key steps:
1. Understand the risks posed to your company assets
It is critical that you first understand which key assets you are trying to protect, and the ramifications of a breach or theft of those assets. Understanding the consequences of loss helps put a value on the defence of those assets, and gives an understanding of how someone might take them.
The business should work in partnership with the IT and Security departments throughout this process to ensure a comprehensive review. This simple exercise can often provide crucial figures to support the business case for investment into security services and solutions.
2. Assess the maturity of your current security measures
Next, you must look at the risks posed and analyse your current security defences. Examine the maturity of your existing security solutions and services, taking into consideration the attack vectors your company will most likely face.
Often it becomes clear that security products purchased over a number of years are isolated solutions that do not work harmoniously to provide a holistic defence. Many systems do not interact or even offer open API capabilities to allow feeds to and from other systems. Once you understand what you have, from a security perspective, you will clearly see what is working and what needs reconsideration.
Start with your security policies, checking they are up to date and still fit for purpose. Organisations often devise policies, and rarely revise them. Establishing fundamental policies that make sense for your company will help to ensure employees are aware of their contribution to the continued security of the organisation.
Risk and compliance assessments can help you to confirm whether particular regulations you must abide by are being adhered to, particularly with recent changes and the introduction of new policies such as GDPR, NIS, and ePrivacy.
Systems vulnerability scans will highlight where the most basic of procedures, patching and updating, are not being performed to the required level. This will help establish a plan for remedial activity to rectify the oversight.
Penetration tests can also help to contribute to understanding the current security position, and determine which, if any, systems are vulnerable to attack.
3. Define a holistic strategy
With an improved perspective on what you are defending, where the risks lie, and what services are working, you can now focus on developing a holistic strategy for cyber defence. This means both defence against external adversaries, and insider threat.
Knowing the strategic imperatives will allow a clearer understanding of where to invest to secure your organisation, and help to discern the solutions and services required.
Implementing a Security Information and Event Management (SIEM) system and a Security Operations Centre (SOC) is often the best way to ensure a good level of security and visibility across the organisation. However, before you build your own SOC, be sure this is right for your company. Do you have the budget to establish and maintain a strong SOC? The cyber skills shortage means experts are in high demand but low supply, which is reflected in salary expectations.
Another factor to consider is whether you can gain access to enough comprehensive threat intelligence data to defend your organisation. Whilst operating your own SOC may seem a good decision, it is often better to use companies who provide this as a service, leveraging their size and scale.
Scheduled vulnerability assessments can help identify unpatched systems, and allow creation of plans to rectify or mitigate these identified vulnerabilities. Run on a regular basis, these scans can provide a level of confidence that systems are maintained in accordance with vendor guidelines, thereby closing the holes that could be exploited by attackers.
4. Invest in appropriate services
There are many services that can help defend your organisation, but the key is to leverage services that are right for your company and your security requirements. Ensuring interoperability between systems will help future-proof your strategy should you look to swap out one service for another at a later date.
The key is to begin the journey:
- Understand the risks posed to your company assets
- Assess the maturity of your current security measures
- Define a holistic strategy
- Invest in services that make sense for your organisation and the assets you are protecting
Scott Cairns sits on the board of management as CTO and senior strategist at T-Systems. As Head of Security, Scott manages the consultancy practice, and draws on both his experience in the sector and a recent Master's degree in Information Security and Digital Forensics. His focus of study was the importance of attaining a balance between empowering security experts and the application of machine learning AI as a basis for a future Cyber Defence Strategy.