Mitigating the Cyber Security Threat

C2S engages with the leading figures in cyber security. Our cyber security policy echoes the best from the world-leading academics in cyber risk insurance calculations, the UK’s National Cyber Security Centre and world-leading security solution providers like Sophos.

Our short to-do list

  • Access Control – Clever ways to make sure it’s the right people getting access.
  • AI – Cleverer ways of making sure what’s going on is supposed to be going on.
  • Filtering – An old term, but it covers everything from firewall rules to whitelists and blacklists.

Redundancy – there’s no point “resting on your laurels” after the act. Crime and prevention have a long history. It is a cat and mouse game. While we create stronger and more resilient security technology, criminals and other “cyber actors” create cleverer ways of breaking in. Redundancy is the solution. We must anticipate the worst and be prepared for it.

The long to-do list

We are pleased to be able to reproduce two pages from Solving Cyber Risk. If you want to know how money is spent on cyber security and how it should be spent (yes – they’re different!), please click here for the most informed data collated by leading insurance experts and the Cambridge University Centre for Risk Studies.

For readers who really need to understand cyber risk rather than outsourcing it to consultants like us, we recommend starting with this book: Solving Cyber Risk, by Andrew Coburn, Éireann Leverett and Gordon Woo.

 

Solving Cyber Risk

From Solving Cyber Risk. Andrew Coburn, Éireann Leverett, Gordon Woo. Pages 269-270.

Cost Effective Technologies

The Ponemon Institute published an anonymized survey of a sample of 1254 large organisations spread across a broad range of 15 industries [1].

Information was gathered on corporate expenditure on cyber security technologies, as well as the costs of cyber-crime.

These are costs to detect, recover, investigate and manage the incident response. Also covered were the costs that result in clean-up activities and efforts to reduce business disruption and the loss of customers. From this survey the following five technologies emerged as the most cost effective. In order of decreasing returns on investment they are listed as follows:

    1. Security intelligence systems make use of approved white lists and blacklists, provide a baseline of known and authorized applications and processes on the network and their attributes, support work flow and remediation, and report when unauthorized systems are detected.
    2. Advanced identity and access governance help protect access to applications and resources enabling additional levels of validation such as multi-factor authentication and conditional access policies. Monitoring suspicious activity through advanced security reporting, auditing, and alerting helps mitigate potential security problems.
    3. Automation, orchestration and machine learning enable users to gain efficiencies across their hybrid environments and provide operators and analysts with intelligent decision support, further increasing productivity.
    4. Extensive use of cyber analytics and user behaviour analytics facilitates the tracking, collecting, and assessing of user data and activities using monitoring systems. They analyse historical data logs to identify patterns of traffic caused by user behaviour, both normal and malicious, and provide security teams with actionable insights.
    5. Advanced perimeter controls are desirable because the perimeter is becoming fuzzy. Any sort of computing device may become part of the perimeter itself and many of these devices are mobile. The network perimeter has become a dynamic, changing barrier. The systems that interact with the network perimeter make this network dynamic.

Apart from these five technologies, lesser returns on investment are obtained from

  1. The extensive deployment of encryption technologies
  2. The extensive use of data loss prevention
  3. Enterprise deployment of governance, risk and compliance
  4. Automated policy management

These rankings by return on investment may be compared with rankings by actual corporate expenditure.

The technology rankings by actual expenditure are [1]:

  1. Advanced perimeter controls
  2. Advanced identity and access governance
  3. The extensive use of data loss prevention
  4. The extensive deployment of encryption technologies
  5. Enterprise deployment of governance, risk and compliance
  6. Automation, orchestration and machine learning
  7. Security intelligence systems
  8. Automated policy management
  9. Extensive use of cyber analytics and user behaviour analytics

The results may be a surprise to many of those who make cyber security investment decisions. It turns out that there are significant differences in rankings. Most money was spent on advanced perimeter controls which are ranked fifth in terms of cost effectiveness. Most cost-effective were security intelligence systems, which are seventh in expenditure.

Reference: 1. Ponemon Institute. Cost of Cyber Crime Study: Insights on security investments that make a difference. Accenture report; 2017.