In his first Blog for infologue Paul Barnard, Security Risk and Mitigation Director at Ward Security discusses the new virtual walls of security, the ever-evolving threats and the importance of regularly testing the robustness of your business to avoid being exploited by cybercrime.
He writes: “Walking through the City of London you could be forgiven for missing out on a show of history at every corner as you gaze up in wonder at the new glass skyscrapers housing people and businesses who keep that trade going. You could easily miss a large group of people congregating on a sunny patio outside a hotel a few steps away from Tower Tube station, sipping prosecco in the evening sunshine.
“In their midst are the remnants of an old stone wall, preserved for all to see, quite unremarkable given its location and the buildings surrounding it. But read the plaque nearby and you soon realize its historical significance.
“This formed part of the Old City Wall, which was designed to ensure trade across the City could continue unhindered, with only trusted and known traders being allowed into the City. Keeping out marauding enemies or those who would wish harm was a constant struggle, but the significance of the wall cannot be overstated, in terms of allowing a thriving economy.
“Today, of course, the physical wall no longer exists, free trade and movement of goods, as we are still part of the EU, continues. The traders and businesses of the City of London however, like in all major cities, are now under attack from malicious cybercriminals’ intent on stealing data, information, infiltrating computer servers or systems or stealing money or money’s worth.
“The threat is constant and ever evolving. In essence, this is the real challenge for security – a threat one day changes the next. There are of course constant battles and investment, to help prevent this from becoming a major issue.
“We are in an era where we have a new Wall – a Cyber Wall – but is that Wall as consistent in depth, breadth and height as the one that protected physical trade for so long?
“While the Government has announced a £ 1.9 Billion investment in Cyber Security, it is still the responsibility of us all to build our own Cyber Defense Walls, to ensure there are no weaknesses. Cyber Essentials will help you build the wall so it is effective, but as we all know there is no point in doing so if you are not going to maintain its effectiveness. Be robust, ensure your defenses are up to date as any weakness can and will be exploited. Test the wall regularly to make sure it is steadfast through cyber penetration tests. If it’s not, update your software and don’t ignore updates sent through to your device – obviously, make sure it’s a valid update and request first!
“Keep a lookout by staying informed about the type of attacks on the roads around you, also learn about the prevention and protection methodologies that exist. Make sure for instance that all your employees are educated and there are some excellent tools out there to do so.
“The National Cyber Security Centre (NCSC) has a remit to counter the most harmful and risky cyber attacks against the UK. You can sign up to their Linked In articles and posts, which is an effective way to stay informed of the latest thinking. There are also plenty of Cyber-based educational seminars on the subject to attend which will give you better insight into the current issues that you need to be aware of to protect your business and people.
“Assessments in 2019 show that the Insider Threat is as valid a risk as ever. Whether the Insider is malicious, reckless, ignorant or just plain forgetful, having the right education in place and systems and processes to deal with any such threat are essential tools to maintain the wall as effectively from within. Running workshops aimed at identifying unusual behaviours in colleagues as well as organising tabletop exercises to test your businesses response in the event of a cyber breach are effective ways to educate your team and switch them on to cybercrime.
“As our society becomes more and more tech integrated, for instance with the advent of 5G networks, there will be some brilliant business opportunities, but I believe we should now be converging our thinking – Cyber Security and Physical Security are and will be even more integrated than ever. This poses a dilemma, but it’s also in my view much more an effective way of demonstrating the effectiveness of security as a value-added commodity to profits and safety.”