Matt Hancock on cybersecurity
The UK’s newly appointed Minister for the Digital Industries Matt Hancock gave his first speech on cybersecurity last month. Hancock is tasked with managing government policy towards the fast-growing digital and creative sectors, ensuring they continue to thrive. Speaking to an audience of businesses he acknowledged that the “vast majority of cyber attacks exploit basic weaknesses” and called on all organizations to prioritize “good basic cybersecurity.”
It’s encouraging that the Minister recognizes this problem because the fact is: the security industry has gone too far towards the bleeding edge in pursuit of new methods while neglecting some of the elementary principles. As a result, unsophisticated attacks increasingly succeed in breaching private and public sector organizations, even when they are protected by highly complex and expensive security systems. PWC has found 2015 saw a 38% increase in security incidents compared to the year before.
Rather than over-complicating cybersecurity, organizations need a way to accurately monitor endpoints and are able to quickly affect change. This basic principle is true even in highly complex, massively latent, or challenging network conditions. The Minister didn’t expand on why companies make these basic mistakes, but we hope that the UK’s new National Cybersecurity Centre, which is expected to open next month, will prioritize helping organizations address the errors that crop up time and time again.
Funding cybersecurity initiatives
One thing is for sure, there is no problem with funding cybersecurity initiatives. Forbes estimated the global cybersecurity industry was worth $75 billion at the end of 2015 and will hit $170 billion by 2020. Businesses are throwing money at the issue yet reports continue to show how the number of attacks are increasing month on month, week on week.
With all this as background, there’s a natural temptation for organizations to jump ahead and deploy the latest point tools while forgetting to ask the basic questions. Can we count the number of machines on the network? Does my organization know the number of users with admin rights? Could we identify vulnerabilities and then quickly patch each one? This is little more than simple counting and the ability to act swiftly to mitigate, isolate or trace a threat – but it’s a method that would improve security and save organizations money.
When companies focus on getting the basics right, it is amazing what companies discover about their own systems. From our own perspective at Tanium, we’ve seen our clients be able to fix issues they never even knew they had:
- One of our US automotive clients discovered they had 30% more computers than they thought they did because they’ve never had visibility of their entire estate.
- A European energy client found multiple vulnerabilities in the systems on their oil drilling rigs – these were being exploited by hackers and costing millions in production because those systems were considered to be “too difficult to manage”.
- A global banking client found evidence of an active insider threat and managed to isolate the threat, retrace the exploit and identify the culprit, thus protecting customers’ information.
These are all real-world examples that illustrate the value of total visibility and control at speed and scale. The UK has some shown some encouraging signs of recognizing the need to improve basic hygiene and we look forward to seeing more of their approach in action. The first role of the National Cyber Security Centre (due to open in October) when advising businesses, should be to ensure they adopt good visibility across their networks.
However, we’re also mindful that the British Government needs to ensure it takes its own advice. A worrying report from the National Audit Office recently accused Whitehall of not taking its own information security seriously. The new Minister has shown he understands some of the big cybersecurity issues facing the UK, but he must make sure this approach is followed in the public sector as well as in business.
About the Author: Dylan DeAnda is a Senior Director of Technical Account Management in EMEA for Tanium, with a focus on EMEA customers and their unique challenges. DoD Commanders have called him a “horse whisperer” and a “cat wrangler” for their Security and Operations Teams. He has provided Common Operational Picture solutions for Joint and Coalition Forces Commanders in the U.S. and overseas. Prior to supporting our nation’s War Fighters, Dylan supported the nation’s largest commercial entity’s cloud-based operations. He has written and edited technical books on Microsoft Internet Information Server 5.0 and Microsoft Application Servers. Prior to his career in technology, Dylan served in the U.S. Army as a Korean Linguist, specializing in Military Intelligence and Electronic Warfare.