City Security Magazine Summer 2016

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

Cyber security -

it’s not all ‘doom and gloom’

P

eople hear cyber security and a pall descends on the room, as everyone

expects the next utterance to contain some horrific story of intellectual property theft, financial embezzlement or massive digital channel disruption. Sadly, compromises do indeed occur on an all-to-frequent basis; however, the good news is that it is not all ‘Doom and Gloom’.

Attackers aim to compromise a target in the easiest and cheapest way possible: they actively consider their own Return On Investment (ROI) as they seek to achieve a commercial gain from their activities. Once this is understood, then the defence within an organisation can be marshalled and given direction.

With the increasing prevalence of cyber attacks, a range of government-sponsored frameworks (e.g. NIST & SANS 20) have been published, all aimed at suggesting structure

around how any organisation can prepare its defence using best practice.

Once the chosen framework is adopted, scope can then be defined for each area and a set of controls developed, along with supporting technology, processes and integration into the Security Operations team.

Whilst it is extremely hard, and arguably impossible, to protect your organisation against the most determined adversary, it is possible to make the cost of compromising your organisation prohibitively expensive to attackers looking for easy gains. Even putting in place or enhancing some simple processes can result in substantial hardening of your cyber security and, potentially, that alone can deter a more casual attacker.

As the technology used by attackers gets more and more sophisticated, so too does the commercial availability of defensive solutions. Much has been made recently around solutions leveraging machine learning and artificial intelligence to detect an attacker within an internal corporate network. These are very powerful and valid technologies; however, they are, typically, expensive. Each organisation has to determine the context of their digital assets and hence the true value being protected. With this Data Context Model in place, investments in these powerful new gold standard technologies can be deployed, in a targeted fashion. With an

organisation’s core assets protected, other assets can be defended using a bronze or silver solution, due to their lower criticality.

One of the most interesting technologies to recently become commercially available is around electronic communications surveillance. This can detect the sentiment of an employee based on sophisticated analysis of their email, instant messaging and even telephony conversation transcripts. Over a period of time, changes in sentiment can be measured and the security controls associated with an employee, alerted as higher risk, can be increased and a compromise hopefully prevented. There is definitely an element of Big Brother involved in the adoption of such technologies; however, without the cyber security industry making these innovations available to organisations, the attacker’s ROI will simply increase.

There is already a lot of assistance freely available to assist every business in organising its cyber defence, supported by continuous technology innovation. Even small changes to processes and/or technology adoption can make your defence sufficiently robust that the ROI of an attack becomes prohibitively low for all but the most determined adversary.

Steve Street CEO, Tantallon

www.tantallon.com

DRIVING VALUE THROUGH INNOVATIVE SOLUTIONS

Putting the safety and security of your 

 

• Manned Guarding • Integrated Systems • Remote Monitoring • Front Of House

Northampton / London / Belfast / Dublin / Livingston

650 Pavilion Drive , Northampton Business Park, Northampton, NN4 7SL Tel: 01604 744000 Email: info@vsg.co.uk Web: www.vsg.co.uk

18 © CI TY S ECURI TY MAGAZ INE – SUMME R 2016 Advertisement  

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36