Current Filter: Network>>>>>Opinion>

   

The Labour party's defence spokesman, Vernon Coaker, recently declared it should be a "legal requirement" for businesses to report cyber-attacks. This is actually quite shocking: shocking because it isn't already demanded by either customers or the law. Companies are storing huge amounts of data, including personal information and sensitive financial reports, yet there is no obligation to report their loss.

With 75 per cent of businesses using some form of cloud technology and the continued prevalence of remote working, most organisation’s internal systems are accessible from beyond the enterprise network. With high-profile cyber breaches on the rise, collateral damage is getting worse, but companies still fail to establish adequate protection.

THE GLITCH AND THE GAP
There is a major glitch in the current IT landscape. It needs to be dealt with swiftly. Enterprise identity platforms and network security platforms inhabit separate worlds that rarely collaborate. With increasing machine-to-machine communication and the internet of things, more devices are handling information without any specific involvement from those concerned. Each new device handling data increases the risk of hacker access.

Businesses must address this and use context to bridge the gap between identity and security. Without collaboration, the information and actions needed to halt criminal attacks fall into the identity/security gap. As if to close the open doors, Identity Relationship Management (IRM) emphasises communication between network firewall systems and identity platforms.

The combined information provided by these systems is a powerful mix. It unites risk-based activities across networks, including malware attacks, viruses and data breaches with risk-based identity data. This adds in contextual information, such as location, time of day and the device being used, to help ensure only legitimate access.

OFFENCE IS THE BEST DEFENCE
In order to improve internet security and ensure that businesses and people are as secure as possible, transparency is essential. When a breach occurs, people must be told quickly so that they can take action to protect their identities and data. Companies not reporting cyber-attacks will increase the damage that is wrought and the transparency mentioned should apply not only to how companies inform people, but also how software is built.

The vast majority of software is closed-code, meaning that only the developers review it. So, the only people able to act on a coding flaw are a small team of coders responsible for its construction and maintenance. Open Source software on the other hand is more collaborative in this respect. This all-encompassing teamwork based approach means that an issue within the software can be spotted and acted upon far more quickly than in a closed-code environment, allowing the global developer community to apply their considerable expertise.

With reaction time being paramount in restricting the damage dealt by a security issue or hack, the flexible and collaborative nature of Open Source technology really aids incident response. The more people are involved, the more powerful the software can become.

Cyber security is not an afterthought and should be viewed as an enabler for business growth. It needs to be taken as seriously as every other part of business protection and interwoven with the wider IT strategy to be truly successful. With business being increasingly reliant on the internet and connected devices, hackers have the ability to cause huge damage very quickly.

Organisations need to take the phrase "prevention is better than cure" to heart. Reacting to hacking will not repair damages to a brand or a company image. Businesses must realise that failing to prepare is preparing to fail. A law requiring the reporting of cyber-attacks is a step in the right direction, but this alone is neither a beginning nor an end.