1. Nearly half the global Fortune 500 rely on RSA’s solutions for
threat detection and response, identity and access management,
fraud prevention and Governance Risk and Compliance.
BUSINESS DRIVEN SECURITY
Find out how we can help at www.rsa.com
Stayingonestepahead
ofthehackers
JeremyKingadvises
howtoprotectyour
organisationagainst
cybercriminalsP2
OCTOBER 2016
AN INDEPENDENT SUPPLEMENT DISTRIBUTED IN THE GUARDIAN ON BEHALF OF MEDIAPLANET WHO TAKE SOLE RESPONSIBILITY FOR ITS CONTENTS
CybersecurityFUTUREOFTECH.CO.UK
WHY BE CYBER
SECURE?
TalalRajaboftechUK
outlinesthebusinesscase
forcybersecurityP6
PHOTO: NEIL HANNA
2. 2 FUTUREOFTECH.CO.UK MEDIAPLANETAN INDEPENDENT SUPPLEMENT BY MEDIAPLANET
Jeremy King
International director,
PCI Security Standards
Council
READ MORE ON FUTUREOFTECH.CO.UK
Piers Wilson
How to tackle the
cyber security
skills shortage
P4
Diversity of
skills
JohnButtriss
echoestheneedfor
skillsandhighlights
theimportanceof
diversity P5
Infographic on
cyber resilience
Four cyber security
frameworks all
organisations should
have in place
IN THIS ISSUE
Staying one step ahead of the hackers
It’s hard to keep up with the cyber criminals so organisations must do more to protect
themselves, says Jeremy King, international director at the PCI Security Standards Council
Please recycleFollow us facebook.com/MediaplanetUK @MediaplanetUK
Senior Project Manager: Henry Worth E-mail: henry.worth@mediaplanet.com Content and Production Manager: Henrietta Hunter
Business Development Manager: Dominic McWilliam Digital Content Strategist: Chris Schwartz Managing Director: Carl Soderblom Social Media Coordinator: Jenny Hyndman
Designer: Juraj Príkopa Mediaplanet contact information: Phone: +44 (0) 203 642 0737 E-mail: info.uk@mediaplanet.com
Agovernment sur-
veyrevealsthat90
per cent of large
organisations and
74percentofSMEssuffereda
cybersecuritybreachin2015.
The problem is getting
worse, and UK compa-
nies that don’t attempt to
tackle it face EU fines from
2018 which could total
£122bn a year.
Ideallyachiefinformation
officer should be sitting in
every boardroom to explain
theriskstothebusiness.
We also need more collab-
oration between companies
to share security informa-
tionandexperiences.
The risks are real. We are
seeing more phishing at-
tacks on business and it on-
ly takes one employee to be
caught out for criminals to
installmalwareandstealval-
uabledata.
Old malware viruses are
slipping through the net
again because of the huge
volume of threats being
monitored.
Ransomware attacks that
stop organisations accessing
their own data unless they
payarealsoontherise.
Companies need to train
theirstaffonthepersonaland
business implications of a se-
curity breach.It is important
to remember that around 10
per cent of breaches come
fromaninternalsource.
Crucially organisations
must find time to upgrade
their systems to ensure the
security and payment soft-
ware they are using is the
mostup-to-date.
Cyber hacking is not
just a problem for large
companies. SMEs can
suffer too and should
seek guidance on how to
protect their systems.
Every business should
have a robust incident re-
sponse plan and test it regu-
larly. Consumer confidence
and the share price can fall if
abreachishandledbadly.
There are massive skill
gaps in the cyber security
industry so it is good to see
more universities offering
relevant courses and com-
panies offering apprentice-
shipstoincreaseexpertise.
The battle against the cy-
ber criminals will be a long
one but it is a fight everyone
mustplayapartin.
@MediaplanetUK
3. Disposable data – the invisible vulnerability
Transitory information such as engineering development work, component orders and
marketing campaigns must not be overlooked by security systems
C
yber security
systems tend to
focus on databases,
the big, immovable
assets such as
customer information, but every
corporation also relies on work-
in-progress data that is just as
vulnerabletocyber-attack.
Information about current pro-
jects such as roadmaps, enginee-
ring proposals and marketing
campaigns are often of vital im-
portance but because they are
transitory they can slip through
thesecuritynet.
“Increasingly if you look at cri-
tical information assets these
things tend to turn up in all sorts
of strange places and the exa-
mple of a marketing campaign is a
good one,” says Steve Durbin, ma-
naging director of Information
Security Forum. “I often use the
example of a well-known smart-
phone manufacturer who eve-
ry year has a product launch that
is industry changing. In the run-
up to that launch there is a high
level of security around the mar-
keting campaign which, if the
information were to fall into
the wrong hands, would have a
significantimpactonthelaunch.”
After the launch, of course, that
information is worth nothing but
this must not be used as an excuse
torelaxsecuritybeforehand.”
The problem is exacerbated by
the urgency of such events, the
large number of people working
on them and the need to collabo-
rate with external consultants
and others.
“The challenge is how to
secure that transitory informa-
tion, some of which is shared
with outside organisations,”
Durbin points out. “Step one is to
identify the asset and its impor-
tance. Then you have to look at
it through every stage of its life
cycle from creation to destruc-
tion.You have to identifywhere it
travels andwho accesses it.”
In today’s global manufactu-
ring environment this can be
incredibly complex. That smart-
phone company, for example, de-
signs its products in California
and sends out the engineering
information all over south east
Asia for components to be sup-
plied to China for assembly. Even
order numbers are of interest to
competitors and journalists.
Controllingaccesstothisvastflow
of data may be a life or death mat-
ter for the company. “Information
is incrediblyvaluable - in the Stan-
dard and Poors companies, more
than 80 per cent of their assets are
intangible,”Durbinpointsout.
Steve Durbin
Managing director, Information
Security Forum (ISF)
By Chris Partridge
COMMERCIAL FEATURE
For more information, go to
securityforum.org
Whyyourcybersecurityismoreimportantthanever
SMEsshouldn’tfoolthemselvesintothinkingtheyareimmunefromcyberattacks,saysAlanCalder,CEOofIT
Governance.What’smore,thepenaltiesforpoordataprotectionareabouttogetmuchtougher
Y
ou don’t have to
be a big company
— such as Yahoo,
MySpace,Talk Talk or
LinkedIn — to expe-
rience a big data breach.Small and
medium-sized companies are also
atrisk.
“Attackers know that SMEs
have less money and fewer
resources to spend on IT,” says
AlanCalder,CEOofITGovernance,
a global provider of ITgovernance,
risk management and compliance
solutions.“By targeting them they
can get relatively easy access to
the SMEs’ own assets and those of
theircustomers.”
All organisations should tighten
upthreeareaswheretheyaremost
vulnerable: their people, their
people and their technology. “You
can switch on a firewall and pro-
tect yourself with anti-malware,
but that’s only one part of the
security story,” says Calder. “At-
tackers will also target individual
employees because they can be
fooled into giving up passwords
and clicking on links; and they
will exploit a company’s poor pro-
cesses, such as being allowed into
the CEO’s office on the pretext of
delivering a parcel. Once they’re
inside, they can put a USB stick
into a workstation and upload or
downloadwhatevertheywant.”
Protecting your business
Two years ago, the government
launched an affordable cyber
protection scheme called Cyber
Essentials — a set of basic controls
that could prevent around 80 per
cent of common cyber attacks.
Certification is awarded on the ba-
sisofaverifiedself-assessment.
“Cyber Essentials is an inexpen-
sive way to get and demonstrate
IT security compliance,” says
Calder. “More complex organisa-
tions should attain certification
to ISO 27001 which deals with
information security manage-
ment. A number of governments
around the world require organi-
sations to be ISO 27001 compliant
beforetheyareawardedcontracts;
and it’s increasingly required of
suppliers of large organisations’
suppliers,too.”
There’s another reason that se-
curity is such an important area
for any business. In May 2018, the
new EU General Data Protection
Regulation (GDPR)will apply.This
newlawwillrequireorganisations
to have systems and processes in
place to protect the personal data
ofEUresidents.
“Critically, it will give citizens the
right to bring legal action against
organisations that mistreat their
data, and to be awarded damages
that have no ceiling,” says Calder.
“Administrative fines can also be
levied,equivalentto20millionEu-
ros or 4 per cent of global turnover.
It’s worth emphasising that the
GDPR applies to EU residents’ da-
tawhereveritisprocessed,soorga-
nisationswillneedtocomplywith
the law irrespective of where they
are based. Brexit won’t exempt or-
ganisations that operate only in
the UK, either — according to the
Information Commissioner, the
GDPR will very likely apply before
weleavetheEU.”
Alan Calder
CEO, IT Governance
By Tony Greenway
COMMERCIAL FEATURE
4. 4 FUTUREOFTECH.CO.UK AN INDEPENDENT SUPPLEMENT BY MEDIAPLANET
Security skills are in short supply
It follows that more highly-skilled work-
ers in cyber security roles will help the UK
respond more robustly to the threats it fac-
es. This has created a race for security tal-
ent with security now representing 15 per
cent of UK-based IT roles. Unemployment
intheprofessionisreportedaszero.A10per
cent increase in demand is forecasted each
year to 2020. More open-minded employ-
ers are proactively seeking to convert black-
hat hackers for their talent (despite the ob-
vious challenges in doing so) and universi-
ties have responded to demand with over
700 cyber security degrees now available in
theUK.Clearlysecurityprofessionalshavea
highvalueinthecurrentmarketplace.
But cyber security is not a homogenous
landscape and this exacerbates the chal-
lenges of cultivating the required skills.The
workforceisundergoingaresultingshiftto-
wards professionalisation and is beginning
to understand, align and grow the most
needed skills to counter the threats faced.
Businesses and employees alike are clearer
on the skills they need and cognizant of the
needtolearnanddevelopcontinually.
Continuous development is no
longer optional
As a new pipeline of talent is established,
existing security professionals encounter
Theimportance
ofkeepingcyber
securityskillssharp
With so much of people’s lives online, there is
a significant responsibility for organisations to
safeguard personal data. The public awareness of
cyber security is growing from the regular coverage
of attacks in the media. And the truth is every
organisation is vulnerable; 100 per cent defence is
not possible against the ever-changing threats
By Jon Buttriss
Piers Wilson
Director, Institute of Information Security Professionals
INSPIRATION
1
2
3
4
5
Read more on futureoftech.co.uk
Larger employersshould introducerele-
vantapprenticeshipsandrecruitpeoplefromdif-
ferentsectorswhohavetransferableskills,such
asbehaviouralscienceexperts,psychologistsand
thosewithanintelligencebackground
Companies must be honestabouttheirin-
housesecurityexpertiseandunderstandwhich
tasks,suchaspenetrationtesting,theyneedto
outsource
Employees must be made awareofthe
risksfromphishingscamsandthepotentialim-
pacttothebusinessofclickingdangerousweb
links
Companies should proactively educate
theircustomerssotheyandthebusinessarepro-
tected
Those at the top of an organisationneed
tobefullyinformedaboutthecybersecurityrisks
sotheyappreciatetheneedtoinvestadequately
inthespecificskillstheirbusinessmightneed.
How to tackle the cyber
security skills shortage
PiersWilson,director at the Institute of Information Se-
curity Professionals,reveals fiveways companies can re-
act to the dearth of cyber security experts.
EXPERT TIPS
5. MEDIAPLANET 5AN INDEPENDENT SUPPLEMENT BY MEDIAPLANET
Fresh competition. There is a new generation of digitally-native recruits, so established
professionals must balance experience with an ongoing investment in learning new skills
fresh competition. This new genera-
tion of digitally-native recruits have a
different skill-set and have grown up
accustomed to today’s pace of techno-
logical change. More established pro-
fessionals need to balance experience
with an ongoing investment in learn-
ing new skills. There is also an ethical
dimension, as it’s only through life-
long learning that security profession-
alscancontinuetoservethepublicand
protectagainstevolvingthreats.
Diversity of skills is key
Yet it is not easy for professionals and
potential entrants to navigate the web
of skills and competencies required at
each stage of their careers. Organisa-
tionsandthechallengestheyfaceareall
sodifferentandsotheskillsrequiredare
far from uniform. The various special-
isms that sit under the umbrella of se-
curityallhavetheirownrequirements.
The skills required of cyber securi-
ty professionals are broad yet deep; a
broad grounding across the piece with
aT-shape of deeper knowledge to com-
plement the breadth i.e. a depth of
knowledge in one or more specialisms.
Yet technical expertise in isolation is
not enough. It needs to be backed up
by communication, influencing and
commercialskills.Asuccessfulsecurity
professional will understand and dem-
onstrate the contribution of security in
achievingwidercorporategoals.
Without doubt we will need to stay
mindful of the diversity and fast-
changing nature of the cyber threat
whenevaluatingnecessaryskills.Buta
greatersupplyofnewtalentandacom-
mitment from across the profession to
evolve continuously will help us to
keeppacewiththechangingthreats.
Jon Buttriss
CEO, BCS Learning
& Development
Read more on
futureoftech.co.uk
PHOTO: THINKSTOCK
6. 6 FUTUREOFTECH.CO.UK MEDIAPLANETAN INDEPENDENT SUPPLEMENT BY MEDIAPLANET
LEGAL“Withinaveryshorttimeofthedis-
coveryoftheYahoo!breachtherewereatleast
twoclassactionsuitsfiledinCaliforniaandwe
canexpectthistrendtocometoEuropesoon.”
REGULATORY “We are going to see tight-
er regulations around breach notification and
security by design.Personal privacywill need
to be addressed as the GDPR comes into force
in 2018.”
INCREASING VALUE OF DATA“Cyber
criminalsknowthatdata,especiallypersonal
andmedicalinformation,hasavalueandcan
bemonetisedquickly.Theyaregettingmore
skillfulandwewillseethatthreatincreasing.”
INTERNET OF THINGS“Peoplewilltake
companyinformationhomeanddisplayiton
devicessuchassmartTVsthatareconnectedto
theinternetviapotentiallyinsecurerouters.”
USER PRIMACY “We have reached an era
when the end user is king in determining
how information is accessed and shared.
Corporations need to be more prescriptive
maybe,but also more imaginative in control-
ling their data.”
Steve Durbin
Managing director,
Information Security Forum
Cyberspace–the
emergingthreats
INSPIRATION
COLUMN
The question is not if a
company will face a
cyber attack, but when.
The UK is the most cyber-
attacked country in Europe
and the second-most assailed
in the world, with attacks up
40 per cent in 2014,according
to Symantec. Despite these
figures, and an increasing
reliance on the internet to
conduct business, security
still does not get the level of
attention it deserves.Wheth-
er due to the mispercep-
tion of cyber security as
merely a function of the IT
department, or the myth
that a business is too small
a target for a cyber-attack,
many organisations lack a
unified and coherent cyber
security strategy.
At the same time, the tools
to launch a cyber-attack
are easily available on the
dark web and simple to uti-
lise. In fact, ‘cyber-crime as
a service’ has become a new
business model for organ-
ised criminal gangs, with
those operating on the dark
web developing products and
services for other criminals
to use. Cyber-crime is a low
risk, high reward endeavour
for bad actors. The combina-
tion of these factors means
it is a case of when, not if, a
company will be attacked.
Recent research from
Equinix found that that 7
out 10 companies in the UK
do not feel prepared against
cyber-attacks. Businesses,
especially SMEs, must ac-
cept that cyber security pre-
cautions are an inherent part
of doing business in today’s
digital world and prepare
themselves accordingly.
Protecting your business
against the most common
forms of attack does not
need to be an expensive ex-
ercise. Our research shows
that the most common vul-
nerabilities are ones we’ve
known about for a long time
and can be easily overcome.
Things like strong passwords
and basic security protocols
are unfortunately often ne-
glected, making companies
an easy target for attack. As
all businesses across the UK
become ever more reliant on
web-based tools this mind-
set must change.
SMEs are often targeted be-
cause they are less likely to
have these security measures
in place, or even be aware
they are at risk. Any compa-
ny that stores data online is
vulnerable to attack, and
must take security precau-
tions. A good first step is to
follow the government sup-
ported Cyber Essentials
scheme, which provides a
cost effective method of get-
ting the basic cyber security
foundations in place.
Many breaches stem
from the fact that staff are
not aware of best practice
which means that training
and awareness are crucial.
Checks that should be stand-
ard across every company
include good password
protocols, regular updating
of software and regular back-
ups. These measures are
essential whether you’re
a one man band or a
multinational enterprise.
SMEs can also take ad-
vantage of the cyber securi-
ty SME voucher scheme, an-
nounced by the Government
last year. The vouchers offer
micro, small and medium
sized businesses up to £5,000
for specialist advice to boost
their cyber security and pro-
tect new business ideas and
intellectual property.
By making a few small,
and cost efficient changes,
small companies can drasti-
cally reduce the risk of falling
victim to a cyber-attack, and
in the process protect their
customers, their business
and their reputation.
Talal Rajab
Head of programme – cyber
and national security, techUK
Cyber governance and partnering
The organisation should have an effective governance
framework for monitoring cyber activities, including
partner collaboration, and the risks and obligations in
cyberspace.
Cyber situational awareness
The organisation should have a process for
gathering,analysing and sharing of cyber intelligence.
Cyber resilience assessment
The organisation should have a process for assessing
and adjusting their resilience to the impacts from past,
present and future cyberspace activity.
Cyber responses
The organisation should effectively prevent, detect and
respond to cyber incidents and minimise their impacts.
A
B
C
D
By Talal Rajab
Thebusiness
caseforcyber
security
7. Cyber attacks can cripple
even the most security-
conscious businesses
Last year, a major European mobile
telecoms provider lost more than
100,000 customers in the wake of a
cyber attack in which customer da-
ta, including payment details, was
lost. The event cost the company
£60m and severe damage to its rep-
utation.
More recently, we learnt that In-
ternet giant Yahoo! Suffered an at-
tack back in 2014 which resulted in
the loss of the emails, passwords
and other personal details of a stag-
gering 500 million people world-
wide. The crime was only discov-
ered when the list was offered for
sale online inAugust thisyear.
We are increasingly learning
that there are no borders in cyber-
space. Hackers can emerge any-
where, though certain govern-
ments appear to be more tolerant
of their presence than others. Like-
wise, global operations face simi-
lar threats wherever they do busi-
ness, though different regulatory
and business environments mean
the fallout from a successful attack
varies, according to Tim Stapleton,
Chubb’s international vice presi-
dent for cyber and technology at
the insurance giant.
“Exposures are similar across the
board - everyone is worried about
malware, viruses, human errors,
programming errors that can lead
to significant downtime,and many
are worried about people getting
into their network and stealing
valuable customer information,”
Stapleton says.
“Depending on what country
you are in, some companies might
say that is a risk they are prepared
to take up without an insurance
backstop. This may be because the
legislation doesn’t compel them to
notify individuals that their infor-
mation has gone out the door or
perhapstheycantakeitonasagen-
eral business risk. However, this is
set to change.”
Regulation is being tightened
up around the world, especially
when it comes to personal data.
In the UK, fines have so far been
modest but this is set to change.
The European Union’s General Da-
ta Protection Regulations (GDPR)
in particular make it an offence
to allow personal data held in cor-
porate databases to fall into the
hands of third parties without the
express permission of the person
concerned, whether it is by a data
breach or by selling the data.
“More and more, compa-
nies need to be mindful of the
changing environment. As GDPR
rules come into effect in Europe
we will see significant fines for
non-compliance,” Stapleton says.
“The response is critical, and com-
panies need to show they have
been taking the right measures to
counter cyber attacks.”
The good news is that over the
last few years the insurance in-
dustry has amassed considerable
actuarial data on cybercrime and
this has helped to deliver more ac-
curate pricing of risk for clients.
Leading cyber insurers have been
evolving their solutions away from
a simple insurance policy to a more
comprehensive enterprise risk
managementsolutionthatincludes
accesstospecialistriskengineering
services that help to control and
mitigatelossesbeforetheyoccur,as
well as expert support that is ready
to spring into action to help when
theworst happens.
“We have established a cyber in-
cident response platform where
our cyber customers can access
critical resources, including foren-
sics, legal, PR, and fraud remedia-
tion, to manage through a cyber
event”, says Stapleton. “It is crucial
to recognise that cyber events will
occur. The way in which compa-
nies prepare and respond to those
incidents will have a major impact
on public perception.”
“Once an organisation finds they
have an incident, they will have to
start taking action and that will re-
sult in extra costs,” he adds. “They
mightneedaforensicexamination,
and to bring in a lawyer to deter-
mine what laws or contracts may
have been breached. They might
want to engage a public relations
firm if the event goes public. They
might need access to a call centre
if enough people might have been
impacted. And they might need
fraud remediation services.”
A good policy will also cover
continuing expenses, which in
some cases can linger for years af-
ter the initial attack. “In respect of
third parties, the insurer may also
pick up the company’s liability for
wrongful exposure of personal in-
formation and corporate informa-
tionthatisprotectedbynon-disclo-
sure agreements. Insurance may
also cover legal costs incurred as a
result of regulatory enforcement
action,” Stapleton explains.
All these things are the poten-
tial direct costs of a cyber attack,
but victims often also suffer from
disruption to their business while
management concentrates on re-
covering from the assault.
“Companies may also need to
have cyber business interruption
cover to mitigate these losses,” Sta-
pleton warns. “The fallout from cy-
berattacksisonlygoingtogetmore
severe in the future.”
Given the rapid evolution of the
risk environment along with in-
creasing regulatory and legal scru-
tiny, it is therefore important that
companies fully embrace an enter-
prise approach to cyber risk man-
agement, he says. “When deciding
whether to purchase insurance as
part of a cyber risk management
framework, companies should
alignwithaninsurancecarrierthat
not only provides an insurance pol-
icy, but immediate access to both
pre- and post-loss services.”
Gainpeaceofmind
incyberspacethrough
insurance
By Chris Partridge
Read more on
www2.chubb.com
COMMERCIAL FEATURE
Tim Stapleton
international vice president for
cyber and technology, Chubb
8. The workspace is becoming
more mobile and collaborative.
But this means organisations
face new cyber security
challenges, says Matthew
Gyde, Group Executive -
Security at Dimension Data.
In recent years, technology has
enabled the traditional workspace
to change — and change dramati-
cally. “We’re seeing a move away
from formal office spaces with
desks and computers,” says Gyde.
“Increasingly people are working
remotely,eitherfromhomeorfrom
other environments.” Plus, in the
office,manyorganisationsarelook-
ing to develop more agile ‘collabo-
ration spaces’ for temporary teams,
with wireless on demand and
all-important connectivity to aid
information sharing.
Millennials — generally
described as the generation born
between 1982 and 2000 — are the
ones who are driving this trans-
formation, says Gyde. “Organisa-
tions know that to bring young,
energetic, different-thinking peo-
ple into the business, they have to
differentiate themselves from the
competition,” he points out. “And
they’ve realised they can do that by
enabling the workspace for tomor-
row.” Millennials are pushing the
envelope in terms of turning an
outside-of-work environment in-
to a workspace says Gyde. “They
believe they can be more produc-
tive and collaborate more effective-
ly by using the devices of their own
choice, and not simply an enter-
prise-given laptop or phone.”
Security
The security implications of these
changes are enormous; but organ-
isations must be ready to embrace
them because they’re not going
to go away. Dimension Data com-
missioned research firm Frost &
Sullivan to produce a white paper
called Securing Workspaces for
Tomorrow — published in Octo-
ber — to look at the role of cyber
security in accelerating digital
businesses. “Frost & Sullivan found
that 1.5 billion workers will be
responsible for work that doesn’t
confine them to a desk by 2025,”
says Gyde. “They also found that
the Internet of Things (IoT) is
gaining ground and believe 80 bil-
lion connected devices will be in
use globally by that time. So the
question is: ‘As an enterprise, how
do you evolve your security strate-
gy platforms to deal with workers
who aren’t necessarily operating in
a confined workspace, and who are
removing devices from it?’”
The good news is that Gyde thinks
more companies understand what
this tech-enabled transformation
entails—andaredoingitwell.“Secu-
rityneedstobebuiltintothestrategy
ofanorganisation,”hesays.“Experts
aren’t simply looking at how they
can put layers of security in place to
protect a single working location.
Nowtheyknowtheymustwidenthe
scope to protect everything from the
application and the data to the user
and their devices.The way endpoint
device protection is being designed
is a lot more comprehensive, for ex-
ample:it’snotnecessarily signature-
basedanymore.”
Risks
The kinds of risks and attack
scenarios that modern enterpris-
es face are many and varied. “The
scale of the attacks has increased
because information sharing
between enterprises is more com-
monplace,” says Gyde. “Organi-
sations were siloed in the past,
but will now partner up with the
clients, suppliers or even
competitors to work on a project
and share data.”
The Internet of Things opens
another can of worms, says Gyde,
noting that an internet-connected
fridge has even been used as part
of a DDOS (distributed denial-of-
service) attack. “Internet-con-
nected devices could potentially
become threats to the devices
around them. So when organi-
sations are thinking about the
construction of their security,
they have to take IoT into account
and understand the behaviour of a
particular sensor in a particular
devicesothatcontrolscanbeputin
place around it.”
Evaluation
All of this means — or should mean
— that a company’s ‘tick box’ an-
nual cyber health check is a thing
of the past. “Organisations should
be constantly evaluating their se-
curity, such as older systems and
platforms which need to be
brought into this modern world of
transformation innovation/differ-
ent workspaces,” says Gyde. “That
doesn’t necessarily mean that a
very expensive third party has to
be brought in to do it. It could be
carried out by teams within the
organisation. For instance, I’m a
big advocate of cyber ‘war games’
which can be used as an inter-
nal motivational tool and also as
a network stress-test. One of our
clients constantly performs
cyber ‘fire drills’ which I think is a
great idea.”
Gyde thinks that this is a
challenging but exciting time to be
intheenterprisecybersecurityare-
na. “Because the workspace is
changing, organisations have had
to re-examine their security pos-
tures and critical protections,” he
says. “It’s meant that security pro-
fessionals have had to become in-
ventive in this space again.They’re
using different technologies in dif-
ferent ways to identify what it is
they want to protect — rather than
trying to protect everything.”
Cybersecurityinthe
workspacefortomorrow
By Tony Greenway
Read more on dimensiondata.
com/secureworkspaces
COMMERCIAL FEATURE
Matthew Gyde
Group executive - Security,
Dimension Data
PHOTO: DIMENSION DATA