Posts Tagged ‘cyber’

A change to the cyber risk landscape

On June 27th 2017 a cyber-attack called ‘NotPetya’ was launched against a large number of firms. The attack was notable for three reasons;

  • it used a third-party software update mechanism to spread,
  • it was a geopolitically motivated destructive attack that caused extensive damage to uninvolved bystanders
  • it used automated techniques that previously were only associated with sophisticated manual attackers that reduced the time the attack took to spread across networks from days to minutes.

This has crystallised a potential cyber risk that has been a concern for some time such that untargeted and destructive attacks would become as sophisticated as manual attacks by highly capable threat actors.
(more…)

The Future of Security Automation.

It is entirely possible I am about to have a flying car moment. Recently I have been asked by a variety of product vendors and security consultancies for my opinions on the future direction of security and where they should be focusing their innovation efforts. I’m honestly not sure why I get asked this but I enjoy both the sound of my own voice and free lunches so i’m not complaining. Here is my view on the core of how we will be delivering security in large enterprises in the near-ish future.
(more…)

The security opportunity in Digital

Four years ago I discussed some of the characteristics of cyber security that made the use of the term useful, this was at a time when the use of cyber security was widely derided by practitioners of IT security and Information Security. One of the common complaints was that Cyber was just the same things we had already been doing re-branded to seem ‘cool’. As time has moved on the practices of cyber have become clearer, the use of threat intelligence, the development of threat hunting, the increased focused on incident response, the wide deployment of behavioural analytics etc. As is the case early adopters knew they were solving new problems in a new way but the articulation of meaning to the later adopters has needed a body of activity and emerging practices to clarify how cyber security overlaps with but also differs from the other predecessor disciplines IT and Information Security (both of which are still going strong and are still necesary).

Another buzzword appeared soon after cyber and that was Digital. Digital is a customer-focused technology-first approach to business that again looked just like what we were doing before in technology and business activities. Over time practices have emerged, agile development, devops, infrastructure automation, cloud, mobile, social etc that have started defining what the early adopters really meant when they said Digital.

Digital lies in the intersection of velocity, scale and complexity.

(more…)

Cyber Resilience: Part Six Recommended Reading

 

Here are the sources used when developing the thinking behind this blog series:

(more…)

Cyber Resilience: Part Five What next?

Cyber resistance clearly requires leadership and operational intervention from specialised cyber professionals.  However, Cyber Resilience requires a broader institutional response that encompasses all aspects of the business.  As such, it needs to be owned by the entire executive management of an organisation.

The Department encourages all institutions to view cyber security as an integral aspect of their overall risk management strategy, rather than solely as a subset of information technology.” Benjamin Lawsky, Superintendent of Financial Services, New York State Department of Financial Services, December 2014

(more…)

Twitter RSS