How Foundational Controls Can Be Used to Help Fight Back Against Digital Security Challenges
On 26 March, the UK government unveiled its Cyber Security Export Strategy. The Department for International Trade (DIT) created this strategy to help the United Kingdom capitalize on the world’s ever-evolving digital security market.
In essence, the document lays the groundwork for deeper collaboration between the DIT and UK firms to export digital security products and services to other countries, including less mature “cyber” economies where buyers might still be unsure about how to best protect their digital assets.
Through the Cyber Security Export Strategy, the government hopes UK firms will be able to help foreign governments and private organizations with their digital security needs. Success with those international entities would not only elevate the reputation of UK companies in the digital security industry but also advance the United Kingdom’s mission to become one of the safest and most secure places to do business.
While the Strategy seeks to help other governments with their digital security needs, the UK government has yet to take any equivalent action that strengthens its own public sector’s defenses. That’s not to say the need isn’t there, however.
As reported by Public Sector Executive, UK organizations under government control lack adequate budget, resources and trained personnel to protect against digital threats. Together, these constraints prevent organizations from moving away from legacy platforms, investing the necessary time to achieve Cyber Essentials certification and achieving compliance with regulatory frameworks.
They also hamper enterprises’ ability to build a security culture and deepen their workforce’s security hygiene, both of which are key in the fight against incidents like the May 2017 WannaCry outbreak.
Given these findings and challenges, it’s not surprising to learn British company Advanced found that 23 percent of UK public sector companies feel unprepared for a digital attack. Another study conducted by digital workplace provider Invotra revealed that 79 percent of IT managers in those organizations are most concerned about their systems’ data and security.
These worries understandably get in the way of public sector organizations in the United Kingdom utilizing technology to improve efficiency, drive down costs and transform services so that they are simpler, faster and clearer.
So, how can UK public sector organizations fight back against these issues?
Implementing foundational controls helps companies home in on the cornerstones of their digital security postures. By emphasizing asset discovery, security configuration management (SCM), log management, vulnerability management (VM), file integrity monitoring (FIM) and others, organizations get better bang for their buck, that is, better security with more efficient use of their resources and time.
This investment-cost justification usually comes from an easily integrated solution that provides better use of invested resources than “rip and replace” tools.
Foundational controls do much more than just save organizations money. By maintaining a dynamic inventory of known hardware and software and monitoring those assets for known vulnerabilities, security controls help companies better prioritize risk according to the business value of each device and program. At the same time, organizations can leverage log management to obtain granular information about what happens on their network, including the what, who and when of potential incidents.
They can then use that information to strengthen their defenses against the next attack. Lastly, enterprises shouldn’t forget that security controls can help them avoid heavy penalties imposed by the General Data Protection Regulation (GDPR) and similar frameworks for companies that neglect to properly safeguard their networks.
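The inventory-driven prioritization described above can be sketched as follows. This is an added example, not code from the article or any product; the hostnames, finding IDs, dates, the 1 to 5 business-value scale and the severity × business-value score are all constructed assumptions.

```python
from datetime import date

# Constructed inventory: business_value runs 1 (low) to 5 (critical), an assumed scale.
INVENTORY = {
    "hr-db01":  {"owner": "HR",         "business_value": 5, "last_seen": date(2018, 4, 9)},
    "web-01":   {"owner": "Digital",    "business_value": 4, "last_seen": date(2018, 4, 10)},
    "kiosk-07": {"owner": "Facilities", "business_value": 1, "last_seen": date(2018, 1, 2)},
}

# Constructed scanner output: (hostname, placeholder finding id, severity 0-10).
FINDINGS = [
    ("kiosk-07", "FINDING-A", 9.8),
    ("hr-db01",  "FINDING-B", 7.5),
    ("web-01",   "FINDING-C", 5.0),
    ("print-x9", "FINDING-D", 6.1),  # host the inventory does not know about
]

def prioritise(inventory, findings, as_of, max_age_days=30):
    """Join findings to the inventory and rank them by severity * business value.

    Returns (ranked, unknown). `unknown` holds findings on hosts missing from
    the inventory, which is an asset-discovery gap rather than a ranking input.
    A ranked entry is marked stale when its inventory record has not been
    refreshed within max_age_days, so the inventory stays dynamic.
    """
    ranked, unknown = [], []
    for host, finding, severity in findings:
        asset = inventory.get(host)
        if asset is None:
            unknown.append((host, finding, severity))
            continue
        ranked.append({
            "host": host,
            "finding": finding,
            "owner": asset["owner"],
            "score": round(severity * asset["business_value"], 1),
            "stale": (as_of - asset["last_seen"]).days > max_age_days,
        })
    # Highest score first; hostname breaks ties so the order is deterministic.
    ranked.sort(key=lambda r: (-r["score"], r["host"]))
    return ranked, unknown

if __name__ == "__main__":
    ranked, unknown = prioritise(INVENTORY, FINDINGS, as_of=date(2018, 4, 10))
    for row in ranked:
        print(row)
    print("not in inventory:", unknown)
```

With this sample data the highest-severity finding ranks last because it sits on a low-value kiosk, while the finding on the HR database moves to the top.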