
Advanced cyber defence is crucial in the digital era

Online connectivity is now a familiar concept, and threats delivered via this medium are almost as old as the Internet itself. However, cyber security has come into sharper focus recently as a result of how pervasive new technologies have become, and how they are fundamentally transforming the way that we do business. With ubiquitous connectivity, online business services are now the new global standard, but as a result online criminal activity has also become ever-present and globally connected.
Rory Young

Data is the common theme or currency traded in every digital business interaction, so the value of this data has increased hugely, and with it so has the amount of unwanted attention from organised crime. Data is the target of a wide range of attacks. Both businesses and individual users need to protect their data and digital identities from these attacks, and the old methods of security are simply no longer good enough. To counter increasingly agile, globally connected and coordinated attacks, we must also adopt a multi-faceted, agile, globally connected, and coordinated approach to data security.

The era of digital interaction

Technology has fundamentally altered human interaction. Take for example smartphones and tablets, which are becoming increasingly affordable and thus are filtering down to all walks of life. These mobile devices are in fact full-blown computers, with enough processing power to empower users to perform an astonishing array of tasks on the move. We have now entered the era of digital interaction, driven by ubiquitous connectivity, with access to business and services in an instant.

This has narrowed the gap between the business and the customer, and has also shrunk the window in which to target, conduct and conclude business. There are huge opportunities for businesses embracing online business models, especially as many companies are seeing traditional revenue streams being overtaken by new digital revenue channels, but with those opportunities businesses must responsibly face the challenges of protecting themselves and their customers - cyber defence.

New challenges in a digital world

Doing business in a digital world is beset with challenges, most significantly in terms of how to safely and securely transact, and how to protect sensitive corporate assets and customer information. In addition, the data value chain has changed. In order to capitalise on digital business it is essential for businesses to get closer to their data. In many ways one could argue that their differentiation is in the data. This data is vast, diverse and can be collected from almost anywhere, providing significant insight, knowledge and competitive advantage, even for organised crime. It's that value that has caused data to in effect become a currency in its own right, and organisations need to protect this data from access by unauthorised persons.

The reality is that in our everyday interaction with the online world, we leave a growing footprint of data and information that can be easily gathered and pieced together to build a detailed profile of our private behaviours and interactions, complete with locations, education, health, business, family, friends, preferences and much more, and this information can be exploited for criminal gain. Criminals first use a practice termed "doxing": researching and collecting publicly available information about a targeted individual in order to enable the next phase of the attack, which is founded on social engineering. The information gathered about you is used, for example, to send a very deliberate, tailored and believable phishing email.

The construct of the email mimics an email from a colleague, friend or business but often contains a bad URL link or a document containing a malware "payload", one that could enable parallel processing, i.e. access to your system files, email inbox and keystrokes. An unsuspecting user can let criminals into the business through a simple click. Data theft has become big business, a vast criminal empire that is even bigger than drug trafficking. It is actually a digital business in its own right, with attacks available for purchase off the shelf online. As businesses and as individual users, we need to take cognisance of our digital identities and make every possible effort to safeguard our data. We have a responsibility to educate our children and our staff as to the dangers of "digital interaction". Technology only protects us to a point; we must become human firewalls.

Digital business is a global business, online and accessible every hour of every day for customers and criminals alike. While many people and businesses hold onto the thought that "it won't happen to me", the truth is that there are two types of business: "those that know they are being attacked, and those that don't". Data breaches are now a daily occurrence globally, from both outside threats and inside threats. The latter have been the cause of multiple instances of high-profile attacks over the past few years, where millions of records were stolen. Many of these breaches have resulted in top executives having to step down from their posts and, in addition, in the company taking a hefty drop in share price, an impact that can take years to recover from. The danger of data theft is real, but there are many things that can be done to protect both corporate data and personal information.


Multi-faceted data protection

Effective data protection today needs to cover four key areas. Firstly, it is still essential to protect ICT infrastructure from outside threats, using tried and trusted technologies such as intrusion prevention, anti-virus and anti-malware. While this alone is no longer enough, it is still an essential foundation for security, and if it is not in place it leaves a significant vulnerability that will be exploited.

Secondly, organisations need to take steps to safeguard corporate IP and personal data. New digital business models often necessitate opening up traditional value chains to partners, service providers and third parties, which in turn can expose sensitive assets required to conduct business. These sensitive assets require protecting: who is accessing what data, when, from where and why, and, importantly, should they have the rights to do so? Identity and access management is essential in a world where physical boundaries shift to virtual boundaries. Identity and access management solutions that provide visibility and management controls over digital identities are essential. Furthermore, such solutions should provide a richness of data analytics to allow business to tighten the noose on data classification over time.

The third factor to be addressed is the human element. Although having tools and technology in place is vital, people remain the weakest link in any security chain. For many companies out there, ICT security is not their core business, and as such they do not want to build an internal competency to combat the growing cyber security threat. Many would prefer to leave it to the experts, but still retain the parental controls. To that end, organisations should consider enlisting the services of specialist enterprise security experts while retaining ownership of the governance, risk and compliance (GRC) for their business, as this responsibility cannot and should not be abdicated.

These consultancy services can be extremely valuable in helping a company to define a cyber defence roadmap of targeted investment that drives the maximum risk out of their business. They help to define everything from policy to procedures, strategy to architecture, vulnerability assessments to robust protection, penetration testing to hardened systems and much more. One must also recognise that it is essential to embed security into the very culture of the organisation, which requires continual user awareness training at every level from top to bottom. Regular education and training on new digital social etiquettes, the unseen dangers from device capability, and of course the basic principles of protection in a digital context can help to create the 'human firewall' that protects both individuals and the organisation as a whole.

The final aspect of a comprehensive and robust security solution is advanced cyber defence, which represents an entirely new approach to protection against globally connected, coordinated attacks. Advanced cyber defence is not a tool, but a process that must go beyond traditional security and leverage the larger global community. Typically, security information and event management systems gather data from point solutions such as web access gateways, email gateways, firewalls, endpoints, access controls and more. This data can be analysed to maintain greater visibility into your entire ICT security landscape, providing persistent monitoring and actionable intelligence.

This internal view is then further augmented with global and industry-specific threat intelligence and analysed by security specialists, typically within a security operations centre (SOC). Other methods and technologies such as honeypots (decoy systems) are used to gain insight into attacker and intruder behaviours. Understanding the anatomy of a threat and methods of attack, per industry, is incredibly useful in enabling the development of better, more targeted defences. All of this can be used to develop a security roadmap that is prioritised in terms of driving risk out of the business and that enables targeted investment.

Changing the face of cyber security

In this shifting security landscape, the role of the reseller needs to change. Securing people and organisations from coordinated, global and sophisticated attacks requires a move away from individual point solutions toward a more connected security ecosystem. It is essential to move toward common communication mechanisms between the various point solutions and between vendors in order to be able to gather sufficient intelligence to counter the growing number of advanced, persistent threats.

Without common communication, solutions are less effective because they are all working in silos and in isolation, each trying individually to counter attacks that exploit what may well be known weaknesses. A connected security ecosystem, seamlessly integrated and working in harmony, is the foundation to enable advanced cyber defence. More than that, however, a chain of global partnerships must exist between customers, managed security service providers and security hardware and software vendors so as to combine our global threat intelligence and maintain visibility of the ever constant and shifting threat landscape.

That said, it only represents one side of the coin: being able to gain a holistic view of the entire ICT security or threat landscape is one thing. Being able to take corrective action quickly is the other. A connected security ecosystem must go beyond visibility and information or intelligence gathering. It must be able to remediate, to take corrective action in near real time at any one of the point solutions distributed across your business. Be it changing the configuration of the web or email access gateways or locking down infected systems, corrective measures must be put in place as quickly as possible in order to limit exposure and damage, while preventing it from happening again.

About Rory Young

Rory Young is the portfolio manager: support and enabling services at T-Systems South Africa