At the beginning of every new year, it is time for predictions, and NTT Group have been sharing their thoughts on what will affect the business world over the next year or so. In particular, they have focused on digital transformation and the impact this is having on how we work, live and play. However, we mustn’t lose sight of the basics as we build our resilient cyber defence architecture.

The digital agenda is a pressing one for all businesses and one that they cannot afford to ignore – the customer is king, and the General Data Protection Regulation (GDPR) puts increased pressure on the board to ensure that not only business data is secure but personal data too. So, while we stand by our predictions, it is also advisable to reflect on some of the basics that we continually see overlooked by organisations as they try to protect their business from constantly evolving cyber threats:

1. Assess the baseline

With an increasing focus on “platforms”, it is crucial that these fit into a resilient cybersecurity architecture and reduce potential threats and vulnerabilities efficiently. Performing a baseline assessment will ensure the correct security foundations are in place to help you get the best from your security investments.

2. Scan the environment

One of the most important basic practices is vulnerability scanning, but running a vulnerability scan on its own is not enough. The results should be analysed and assessed against your critical assets. This approach ensures that risks are put in context and valuable resources are focused on mitigating the right risk.

3. Plan for a breach

Incident response plans are critical for minimising the impact of a breach. Complex cyber threats are difficult and time-consuming to unpick and may require specialist knowledge and resources to comprehensively resolve. By having a well-defined plan, testing it regularly, and recognising that security incidents will happen, organisations will be better prepared to handle incidents in an effective and consistent way.

4. Collaboration

Most businesses recognise the shortage in cybersecurity skills, and the industry as a whole is collaborating more. We work closely with our technology partners and industry and government bodies to share intelligence. We now focus on prediction and prevention to get ahead of the potential threats. Collaboration will allow businesses to actively manage the threats before they impact them.

5. Support the basics

Clearly cybersecurity is now on the board’s agenda, but we need to ensure that everyone is aware of the risks. In our digital economy, cybersecurity is everyone’s responsibility. This is why we support training and education programmes to ensure that everyone supports the basics of cybersecurity.

6. Reduce the noise

There is the potential for huge amounts of data to be collated and analysed across the enterprise. Focus should be on the quality of this data and the reduction in false positives. Too often organisations are drowning under the wealth of un-actionable security data. Technologies aren’t configured correctly or are simply too complex to manage effectively. Configuring, tuning and managing the security technology, either directly or through a trusted partner, is also a basic requirement that many organisations are failing to master.

So, while we always start to look forward at this time of year, we should not lose the lessons of the past and should ensure that we get the basics right.

About NTT Security: NTT Security is the specialised security company and the centre of excellence in security for NTT Group. With embedded security we enable NTT Group companies (Dimension Data, NTT Communications and NTT DATA) to deliver resilient business solutions for clients’ digital transformation needs. NTT Security has 10 SOCs, seven R&D centres, over 1,500 security experts and handles hundreds of thousands of security incidents annually across six continents.

Guest Blog written by Garry Sidaway, SVP Security Strategy & Alliances, NTT Security