Latest Security Opinions
Managed service providers (MSPs) are at a crossroads in terms of what security services they are going to offer their customers. The dynamic digital landscape has required them to include some kind of security. At the same time, they know what they are currently offering isn’t going to serve them or their customers in the long term. Fortunately, MSPs don’t have to go it alone; they can partner with Managed Detection and Response (MDR) providers to fill in the gaps in their security portfolios and give them a superior competitive position.
The Covid-19 pandemic has led many companies to alter the way they conduct business, in many cases evolving to a new way of running operations. Some businesses have been fortunate where operating models have stayed in line with “Business as Usual”. However, in most cases businesses have either had to adapt or evolve into a new operating model.
Information security and cyber defence teams have a challenge ahead of them, they will not only have to run normal day-to-day operations but now must understand the new threat vectors that are being introduced that widen the threat landscape, and work to minimise cyber risk so businesses stay protected.
Cybersecurity teams are some of the most risk averse people in any organisation — they have to be. In our new coronavirus-induced reality, however, this trait is being challenged.
Security pros dipping their toes into cloud applications have been forced firmly out of their comfort zones. Instead of vetting remote work or cloud-based systems one by one over a suitable period, companies are spinning up multiple overnight. And this is against the backdrop of all of the other numerous fears and anxieties that a global pandemic brings to the table. It doesn’t matter if you’re in marketing, finance or IT: high-pressure situations breed errors.
“The combination of these factors together makes this a very risky situation for a lot of organisations,” says Jeremy Snyder, VP of Business Development and International Strategy at cloud security company DivvyCloud.
What lessons can be learned from reviewing how we manage cybersecurity and applying it to an anti-Coronavirus campaign? In recent years, some in the cyber world recognize that there is a lot to learn from the biological world when protecting systems against viruses. Now, the Corona epidemic presents an opportunity for the medical world to learn something from the cyber world. To analyze the strategies selected by various countries, let’s review it through the lens of cyber strategies. Let’s begin by recognizing that cybersecurity is built in layers. There is no one magic solution or layer which will prevent all the possible attacks. Furthermore, in the cyber world, it has been realized for some time that it is impossible to protect everything for all eternity. There will be victims.
As we all adjust to working remotely, security teams across the world are grappling with a very serious challenge. Almost overnight our companies have changed. Well established procedures are being rewritten, best practices quickly rethought, and policies stretched to breaking point.
Business transformation is always a security risk. New technology and working practices need new security measures; but normally this risk is managed carefully, and over time. Covid-19 has not afforded us that luxury. For some businesses the scale and speed of this change will be unprecedented. It is also very public; attackers are aware of the situation and already exploiting it. Below are some of the most serious threats that security teams will face over the coming weeks.
As enterprises go digital and integrate new technologies into their business, public sector organisations have been left scrambling to keep up with the new digital age. This is a mammoth challenge for a public institution like the NHS which operates across a massive scale and hosts huge amounts of data.
It’s not as simple as moving away from legacy infrastructure to a cloud platform in a few easy steps. It’s a complicated project that encompasses different areas including cyber security, networking, data and cloud. The issue facing the NHS and other public sector organisations is prioritising one area without compromising another. It’s a careful balancing act to ensure that the NHS can achieve its aim of becoming digital and agile, whilst deploying a stringent cyber security strategy in order to protect its new digital system, critical services and confidential data.
Cybercriminals are becoming increasingly sophisticated. And whilst we might associate hacking and other forms of cybercrime with attacks on computer systems and individual machines, there is a dangerous growing trend that sees mobile devices becoming a prime target. It seems that phishing – the practice of sending deceptive messages in order to trick the receiver into downloading malware or revealing their password – is being increasingly targeted towards mobiles.
Nir Chervoni is a seasoned information security leader with extensive information technology, information security, and strategic security planning skills. He is currently acting as Group Product Manager – Security for Booking.com. At Cloud & Cyber Security Expo London, Chervoni will review data security challenges in the new era of microservices
Megan Pentecost is an experienced information security professional working in the charity sector after many years analysing and designing systems in the US financial sector. She engages with multiple teams across her organisation to select and implement secure solutions, establish information governance and manage security risk. With a background in psychology and business analysis, Megan has a keen interest in the human and behavioural side of information security, alongside introducing technology based solutions to continuously improve performance and manage risk.
With the cloud industry establishing itself as a key movement in the provision of IT infrastructure around the world, the emergence of US dominant global hyperscale providers has placed many European government organisations in an increasingly difficult position.
The issue is one of independence, or more precisely, the enormous reliance that organisations based in Europe have on the market-leading, largely US-based cloud providers, who must enforce US-based regulations and practices that aren’t suitable for European citizens and company data.
Helen Williams is a Cyber Protect Officer working for the North West Regional Organised Crime Unit within UK Law enforcement. She works on projects with specific audiences to improve online security, as well as working with victims of cyber-crime and speaking at events and conferences.
As DevOps Technical Lead at Virgin Atlantic, Martyn Coupland has two primary responsibilities. First, he is one of the subject matter experts for the airline’s Microsoft Azure platform and the subject matter expert for the Azure toolset which enables its DevOps program.
In addition to the technical legwork, Martyn also provides expertise “around the softer side of DevOps” – in other words, the people and process side of things: “As technology changes, people change and processes change. DevOps will always be here to ensure all three sit together and provide real value,” he explains. “This allows not just technology teams at Virgin Atlantic but other parts of the business to adopt DevOps methodologies.”