classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018


Cyber resilience is key to cybersecurity
February 2018, Cyber Security, Security Services & Risk Management

The current focus on ransomware is in itself dangerous, argues Jeremy Capell, executive: cyber resilience, Internet Solutions and ContinuitySA, because it deflects attention away from building an holistic response that includes recovery as well as prevention.

Jeremy Capell.
Jeremy Capell.

“The threat landscape is constantly mutating, and cybercriminals have enormous resources behind them. While security measures to prevent a breach remain important, organisations must devote even more resources to developing the ability to respond to, and recover from, an attack,” he says. “This cyber resilience is critical because chances are that an attack will succeed – how quickly the business can get back up and running will determine its sustainability.”

Capell says that cyber resilience means that cybersecurity can no longer be seen purely as an IT issue, but must be integrated into the broader business continuity and business resilience plan.

“Ultimately, the CEO and board are responsible for the organisation’s ability to continue trading after a disaster, so building a business that is resilient in the face of disaster is very much something they should be driving,” he argues.

When it comes to building cyber resilience, says Tim Quintal, senior product manager: cyber resilience, Internet Solutions, the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) offers a great blueprint. The NIST framework comprises five pillars:

• Identify. Manage and govern cybersecurity risk.

• Protect. Traditional firewalls must be supplemented with next generation security technologies such as intrusion prevention systems. E-mails are a key vulnerability, so anti-virus technology must be complemented by user education – the same goes for web security. It is also vital to protect end-point devices which can introduce malware onto networks via, for example, an infected USB. Proper patch management processes are also critical; WannaCry gained access via a vulnerability for which Microsoft had provided a patch several months earlier, so the damage caused was largely preventable.

• Detect. One technique is to deploy ­honeypots, or create clear vulnerabilities, to entice hackers into a quarantine area where they can be studied. Many attacks are undetected for extended periods so this area has a crucial role to play. For example, ransomware is increasingly activated only after an extended period of time, meaning that backups themselves are infected, thus hamstringing response and recovery.

• Respond. Because of cybercrime’s resources and the constant development of new technologies, the likelihood of a breach is real. The organisation must have a plan to respond to a breach, which would include crisis communications with stakeholders. A key element of any response would include proper disaster recovery and backups – the latter must be regularly tested. Response should also include feeding lessons learned into the cyber-resilience plan.

• Recover. Once the immediate response is under way, the organisation must have a strategy and capability for returning to normal operations.

Looking into the future, Capell warns that the constant advance in hacking techniques will accelerate. A growing threat is the emergence of the Internet of Things, which will see millions of scada and PLM devices connected.

“This ‘operational technology’ is typically designed by engineers using old DOS-based software and is intrinsically insecure – a myriad of back doors into corporate networks,” he concludes. “Those that build resilience into their organisations will be those that continue to prosper as technology’s march continues.”

For more information contact ContinuitySA, +27 (0)11 554 8050, cindy.bodenstein@continuitysa.co.za, www.continuitysa.co.za


Credit(s)
  Share via Twitter   Share via LinkedIn      

Further reading:

  • NEC XON talks Industry 4.0 and disruption
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Conferences & Events, Training & Education
    NEC XON held its seventh annual summit at Sun City in October this year in which it focused on the Fourth Industrial Revolution (IR4) and how it would disrupt the status quo.
  • Optimal selection of CCTV operators
    November 2018, Leaderware, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
    Technology is often seen as the primary factor in the success of CCTV surveillance control rooms, yet Dr Craig Donald has seen new control rooms with the most up-to-date technology fail.
  • Our dependence on cyber-connectivity
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Government and Parastatal (Industry)
    The health, safety, security, economic well-being of citizens, effective functioning of government and perhaps even the survival of the industrialised world relies heavily upon interconnected critical systems.
  • How close has video analytics grown to AI?
    November 2018, Technews Publishing, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions
    Hi-Tech Security Solutions asks how far artificial intelligence has changed the video analytics market and how it will make an impact in future.
  • The latest X-ray scanning solutions
    November 2018, Technews Publishing, Asset Management, EAS, RFID, Security Services & Risk Management
    Hi-Tech Security Solutions asked three suppliers of X-ray scanning equipment for some insights into the latest products and their safety.
  • Managing business continuity and disaster recovery
    November 2018, Technews Publishing, IT infrastructure, Security Services & Risk Management
    Organisations are increasingly reliant on their IT systems and data, but they are faced with risks in the form of anything from accidental data loss, to deliberate acts of sabotage.
  • Smart cities spend less
    November 2018, Axis Communications SA, Government and Parastatal (Industry), CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
    A proactive management model allows cities to work smarter and save money while offering better services and results to their citizens.
  • Digital forensics is crucial to the security chain
    November 2018, Cyber Security
    Forensics involves the application of forensic tools to recover, scrutinise and analyse masses of data and logs to uncover what has happened.
  • The risks of social media
    November 2018, AVeS Cyber Security, Cyber Security
    Employees, their social media profiles and the devices they use to access a company’s network and resources provide a plethora of gateways into the infrastructure for cyber criminals.
  • What about the service level agreement?
    November 2018, Vision Catcher, This Week's Editor's Pick, Security Services & Risk Management
    Niall Beazley discusses the importance of a reliable service level agreement (SLA) if you want to rest assured in the long-term efficacy of your security installation.
  • The need for resilience in national infrastructure
    November 2018, Government and Parastatal (Industry), Cyber Security, Security Services & Risk Management
    The industries and infrastructure on which so much of our daily lives depend are deep in the midst of mass digitisation.
  • Protecting constantly connected users
    November 2018, Products, Cyber Security
    The latest versions of ESET security products offer multi-layered protection, enhanced IoT protection, product referral and a new security report feature.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.