Cyber security in 2024 – A short overview for a firm’s management team from 3Kites
3Kites has recently undertaken system/service selection projects which have included helping firms to select security partners, SOCs and SIEMs. With new acronyms to grapple with, and a significant additional IT spend being requested by IT Directors, we provide here a short overview of the changes taking place in cyber security and the impact that professional service firms might expect from these. There’s a lot to cover, so let’s get started:
“Traditional” IT/cyber security
We have become familiar with the cyber security provisions that have been in place for a number of years, including items such as complex passwords, firewalls, antivirus applications, VPNs, device/data encryption, software patching, training and blocking access to items such as USB pens and websites that breach a firm’s policies. Some firms have taken the decision to formalise their approach with accreditation such as ISO 27001 and Cyber Essentials Plus. At the very least, we recommend firms complete the Cyber Essentials checklist which, in our experience, often highlights areas where cyber security can be improved.
As the risks firms face become more sophisticated, ensuring your systems remain secure becomes considerably more complicated. With the increase in security solutions, and in the companies offering to implement and monitor them, how do you know the difference between what you need in place and what (based on a risk assessment) you want?
An overview of some of the solutions outside of the “traditional” security model
- Endpoint Protection – Guarding every device connected to your network, endpoint protection solutions offer real-time threat detection, malware prevention, and secure data encryption. With advanced endpoint security measures, you can ensure that laptops, desktops, and mobile devices remain secure against a number of threats. Think anti-virus on steroids.
- Identity and Access Management (IAM) – IAM solutions play a pivotal role in controlling and managing user access to sensitive information and applications, including robust authentication protocols, access controls, and privileged access management to prevent unauthorised access and protect critical assets.
- Security Operations Centre (SOC) – A SOC is a team (often provided by a third-party security firm) responsible for monitoring, detecting, responding to and mitigating cybersecurity threats. The primary goal of a SOC is to ensure the security of an organisation’s information systems and data by actively monitoring, analysing and acting on security events in real-time.
- Security Information and Event Management (SIEM) – SIEM is a system that combines security information management (SIM) and security event management (SEM) functions into a single, integrated platform. The SIEM system collects and aggregates log data generated throughout a firm’s technology infrastructure, from laptops and applications to network and security devices. SIEM analyses this data to identify patterns, detect anomalies and correlate events that may indicate potential security incidents or breaches. It provides a centralised view of a firm’s security landscape and helps SOC teams in monitoring, alerting and responding to security events efficiently.
- Incident Response and Forensics – In the unfortunate event of a security incident, rapid response and forensic analysis teams combine to investigate, contain and remediate the issue.
- Mobile Device Management (MDM) – A solution that secures and enforces policies on mobile devices, including laptops, tablets and mobile phones.
- DMARC – The long-winded ‘Domain-based Message Authentication Reporting & Conformance’ is an email security protocol which verifies email senders by building on a number of other security protocols. Its primary aim is to stop domain spoofing, e.g. emails that appear to be sent legitimately from a company’s email address.
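To make the SIEM item above concrete, here is a small added example (written for this overview, not code from 3Kites or from any SIEM product) of the collect, normalise and correlate steps a SIEM performs. It parses a handful of constructed, syslog-style login records from three different hosts and raises a single alert when one source address fails to log in repeatedly across more than one host and then succeeds, a pattern that no individual device would notice on its own. The log format, host names, addresses and the `correlate` thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system), in an assumed
# "<ISO timestamp> <host> <result> user=<name> src=<ip>" format.
SAMPLE_LOGS = """
2024-03-01T09:00:01 fileserver-01 login_failed user=jsmith src=203.0.113.45
2024-03-01T09:00:07 fileserver-01 login_failed user=jsmith src=203.0.113.45
2024-03-01T09:00:15 mail-gw-02 login_failed user=jsmith src=203.0.113.45
2024-03-01T09:00:22 vpn-01 login_failed user=jsmith src=203.0.113.45
2024-03-01T09:00:40 vpn-01 login_success user=jsmith src=203.0.113.45
2024-03-01T09:05:00 laptop-17 login_failed user=akhan src=10.0.0.8
2024-03-01T09:30:00 laptop-17 login_success user=akhan src=10.0.0.8
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (login_failed|login_success) user=(\S+) src=(\S+)$")


def parse_events(text):
    """Normalise raw lines from many devices into one event schema, ordered by time."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: a real SIEM would route this to a review queue
        ts, host, result, user, src = m.groups()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "result": result,
            "user": user,
            "src": src,
        })
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when one source IP fails at least `threshold` logins on two or more
    hosts within `window` and then logs in successfully (failures then success)."""
    failures = defaultdict(list)  # src -> [(timestamp, host), ...] still inside the window
    alerts = []
    for e in events:
        # Drop failures older than the window so one stale failure cannot trigger later.
        recent = [f for f in failures[e["src"]] if e["ts"] - f[0] <= window]
        failures[e["src"]] = recent
        if e["result"] == "login_failed":
            recent.append((e["ts"], e["host"]))
        else:  # login_success
            hosts = {h for _, h in recent}
            if len(recent) >= threshold and len(hosts) >= 2:
                alerts.append({
                    "ts": e["ts"].isoformat(),
                    "src": e["src"],
                    "user": e["user"],
                    "failure_count": len(recent),
                    "failed_hosts": sorted(hosts),
                    "success_host": e["host"],
                })
            failures[e["src"]] = []  # a success closes the sequence either way
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_LOGS)):
        print("ALERT:", alert)
```

Run as-is, the script raises one alert for 203.0.113.45 (four failures across three hosts followed by a successful login on vpn-01) and nothing for the single failure from 10.0.0.8, which falls outside the five-minute window. The value of the centralised view is exactly that the three hosts each saw only one or two failures, and only the aggregated data reveals the pattern the SOC would investigate.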
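A firm can check its own DMARC position in minutes, so here is an added example (written for this overview, not 3Kites' or any vendor's code) that reads a DMARC record and reports the settings that leave domain spoofing unaddressed. In practice the record is published as a DNS TXT entry at `_dmarc.<your-domain>`; the function below takes the record text as a string so it runs offline, and the example records and report address are constructed.

```python
def parse_dmarc(record):
    """Split a DMARC TXT record ("v=DMARC1; p=reject; rua=...") into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    return tags


def assess_dmarc(record):
    """Return the policy in force plus a list of findings a firm would want fixed."""
    tags = parse_dmarc(record)
    findings = []

    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag: receivers will ignore the record")
    elif policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")

    # pct= limits how much mail the policy applies to; anything under 100 leaves a gap.
    pct = tags.get("pct", "100")
    pct_ok = pct.isdigit() and int(pct) >= 100
    if not pct_ok:
        findings.append(f"pct={pct}: policy applies to only part of the mail flow")

    # Without rua= nobody receives the aggregate reports that show who is sending as you.
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not being collected")

    # sp= governs subdomains; an explicit sp=none undoes the main policy for them.
    if tags.get("sp", "").lower() == "none":
        findings.append("sp=none: subdomains can still be spoofed")

    return {
        "policy": policy,
        "enforcing": policy in ("quarantine", "reject") and pct_ok,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed records: a typical "just switched it on" record and a hardened one.
    for rec in ("v=DMARC1; p=none",
                "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s"):
        print(rec, "->", assess_dmarc(rec))
```

The first record is the state many firms are in after a quick initial set-up: the domain is technically "DMARC-enabled" but nothing is rejected and nobody is reading the reports. The second is what a supplier should be asked to get you to, usually by moving from `p=none` through `p=quarantine` to `p=reject` once the reports show all legitimate senders are passing.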
That’s interesting but what do I need to do?
It is no longer enough to outsource cyber security to your IT team or a third party; a firm’s management team needs to have a broad understanding of these potentially existential risks and of the steps in place to address them. Whilst we would recommend your in-house team, ideally working with a third-party specialist, lead this approach, full responsibility should not be devolved solely to them.
The list above describes the solutions that are forming part of the “new” IT security model. These help tighten and enforce security controls as well as providing services to monitor and react to issues that may be discovered, ideally before a firm identifies an issue itself or, worse, learns of it when a ransom demand or similar attack is raised against the firm. None of these options is foolproof and, despite all the precautions put in place, your staff are still your greatest risk – appropriate and regular training is key to building the “human firewall”.
Implementing the options listed above will run into tens of thousands of pounds (increasing with a firm’s size), so understanding the likelihood of an issue and its impact is important to ensuring you consider solutions that match the risk you are trying to mitigate. This will help when speaking to suppliers as it will suggest which questions to ask and ensure that any solutions being considered are aligned to your specific needs.
3Kites can provide assistance in helping a firm to understand its risks, consider the requirements to manage identified risks and choose the right solutions/security partner to meet the firm’s needs. With these solutions adding a considerable cost to a firm’s annual IT budget, choosing the right solution not only reduces risk but can help save thousands of pounds each year.