Over the last year cyber security has never been out of the headlines as new dimensions of risk have been exposed and publicised.
These events bring into sharp focus the need for organisations to develop a defence strategy that is part of their everyday ongoing operations and can detect and respond to threats in real time.
The attack on Sony PlayStation was clearly a seismic event for the company both in terms of reputation and financial impact.
However, the attack on security company RSA highlighted the complex plans, ambition and strategic intent of cyber attackers.
In this case it is almost certain RSA was not the prime target but a means to provide a key to unlock the defences of western aerospace and defence companies.
Another significant development has been the proliferation of attacks designed to exploit industrial control systems.
These systems are key to the operation of a wide variety of industrial processes, including power generation and distribution, transport networks and other critical industries.
Previously these systems were separated from corporate networks, but the drive for efficiencies, automation and better customer service is leading to widespread networking of these industrial processes, with consequent exposure to new cyber attack vectors.
What is the significance of these developments? Firstly, they are all raising awareness at the corporate level of the new and emerging risks that many organisations in many different industries are facing.
Secondly, they are prompting questions about how these organisations can be protected against the potential damage and disruption of a cyber attack.
Increasingly, security is seen as a corporate risk, no longer the sole preserve of the IT Security Officer or CISO.
Corporate leaders need to understand how they can protect their organisations against the increasingly sophisticated or persistent attacks that can cause such damage.
For those of us working in the security industry the real challenge is defining and communicating an effective strategy which provides the assurance sought by senior executives that the risk is under control.
However, there is no simple solution to this problem: there is no single product, system, policy or practice which can deliver the certainty that many are seeking.
Effective mitigation requires a range of measures, controls and policies configured to manage the specific risks faced by an organisation, but the challenge is to present this as a coherent package or strategy which resonates at the senior level.