With cyber attacks set to increase in frequency and complexity throughout 2015, organisations must adopt more sophisticated risk assessment and mitigation tools to counter the mounting risks to the security of their data, IT security figures have warned.
The market researchers Gartner, in its list of top 10 strategically important technology trends for organisations in 2015, has identified a need for businesses to adopt a risk-based approach to security and self-protection in the coming year. According to the analysts, businesses should recognise that it is not possible to provide a 100 per cent secured environment, calling for a more dynamic and self-aware approach.
Andy Taylor, CLAS (CESG Listed Advisory Scheme) Consultant & Lead Assessor, APMG, said: “With 2015 upon us, organisations will have to be on red alert as cyber threats become evermore advanced and the frequency of these threats increases. Blackmail, denial of service and similar attacks based on cryptoware will doubtlessly increase in frequency and complexity in the coming year with financial targets as a primary focal point. At the same time we will likely see more state-sponsored and terrorist-driven activity with perhaps industrial control systems being the main target. The linkage between main computer systems and the Internet of Things means that this threat must be addressed much more effectively than it has up to now. Despite some notable victories in 2014, law enforcement agents are not likely to win in the longer term without the support and education of businesses and individuals alike.
“Cyber security is no longer just a scaremongering buzz word – there is a great deal of industry support and guidance out there for individuals and organisations. The CESG Certified IA Professional scheme (CCP) enables organisations to identify the necessary skillsets and the competent individuals who hold them. Whilst the latest addition to the cyber resilience training armoury – the CESG Certified Training scheme (CCT), provides reassurance and evidence that cyber security technical training has been assessed against stringent CESG criteria and meets their rigorous standards.”
Martin Huddleston, Principle Cyber Solutions Architect, of Ministry of Defence trading fund the Defence, Science and technology laboratory (Dstl), added: “The way in which companies address these threats will need to evolve – and quickly. Assessing their capabilities and competencies in all respects is a much more effective way of dealing with the new style of threat and this can be done on an almost routine basis using capability assessment tools – like the Cyber Defence Capability Assessment Tool (CDCAT®) developed by Dstl on behalf of the MOD. The battle against the criminals looking for instant/quick wins can be won by competent organisations, which utilise appropriate tools and appoint the right person to be their first line of defence.
“We are seeing competent organisations reacting in a much more nimble manner to counter the mounting cyber threats, and would advise others to follow suit. But rather than trying to stop everything at the boundary of the organisation – which could ultimately render an organisation unworkable – security officers should be monitoring their internal workings more proactively and reacting to attacks in a much more dynamic manner in 2015.”
