Is your Cybersecurity future proof?

2019 Marks the 100yr anniversary of the creation of the Government Communications Headquarters (GCHQ), which was formed on 1st November 1919. Over the course of the First World War, GCHQ,  originally called the “Government Code and Cypher School” (GC&CS) provided valuable insight into enemy plans. They were so successful that in peacetime, the cryptanalytical unit was formed to continue the mission. This became known as the Government Communications Headquarters (GCHQ). Since that time, the GCHQ has become a world-leading intelligence, cyber and security agency with a mission to keep the UK safe.

Their work is as important as it ever was. Because while we are not technically at war, there is an ongoing technological battle taking place that each of us is affected by on a day-to-day basis.

But there is only so much that the GCHQ can do for us, and we must take action and responsibility for protecting ourselves and protecting that which we see as most valuable.

Cybercrime

Hardly a week goes by without news of some major cyber incident or data breach being reported across social media. Theft of Data has become commonplace, and the scale of Malicious software (Malware) infections leading to blackmail and extortion is at an all-time high. We are in a world in which businesses must operate in an increasingly hostile environment, which many are ill-equipped to survive. To put it bluntly, the risk of cyber-attack has become an unavoidable cost of doing business today. But how do we stay ahead of these ‘bad actors’ who are trying to break into our systems and steal our data?

Security By Design

In the past when networks and technology were less complex and our reliance on technology wasn’t so high, it was possible to build systems that could withstand the more simplistic forms of attack. But as systems and networks have become increasingly complex and Data is no longer protected behind secure walls (it lives on desktops and devices) we have become increasingly vulnerable.

This is because we are not considering how to build Cybersecurity into the design of our networks and infrastructures, and we’re not thinking about how we can scale these technologies to ensure continuous improvements of Cyber defences.  It is no longer good enough to say “I am secure”.  We must now look at how we remain secure at all times. We can no longer rest on a certificate hanging in reception. We need to move beyond this kind of thinking and begin designing our infrastructure with scalability and security in the forefront of our minds.

If we are to survive in this new environment then like the GCHQ, we must learn to evolve and develop our own ‘situational awareness’. To do this, we need to change the way we think about Cybersecurity and think more deeply than we are at present.

Strategy | Tactics | Operations

Today’s leaders wishing to develop meaningful cyber situation awareness to safeguard sensitive data, sustain fundamental operations, and protect national infrastructure, need to think strategically, tactically and operationally.  Unfortunately, we see a lot of evidence of organisations and leaders thinking operationally about the current threat before them. Responding and reacting to the threats they see, and investing in the defences they perceive as the weakest. That mode of thinking is now out-of-date and needs addressing.

Technology is changing incredibly fast. Moore’s law states that processor speeds or overall processing power for computers will double every two years. This law has held since 1965, and some might argue that it has been reduced to just 18mths. Leaders, therefore, need to think about the future and how their infrastructures will withstand the next 24mths and ask not just operational security questions, but strategic and tactical ones too. Such as;

Strategic

• How can we ensure our Infrastructure is robust to the challenges of the next 2yrs?
• What investment do we need to make in Cybersecurity skills and resources?
• How can we scale our Cybersecurity Compliance programme?

Tactical

• Do we continue to have IT infrastructure onsite, or do we move to Public / Private cloud?
• What additional skills and resources do we need?
• Should we out-source our Cybersecurity compliance programme?

Operational

• Does Private cloud allow the scalability we need?
• Who is responsible at Board level for Cybersecurity?
• Who is responsible for the delivery of a 2yr transformational plan for technical infrastructure?

Conclusion

There is little doubt that Cybersecurity threats are increasing. Not only because we are at risk from bad actors, but because our infrastructures are becoming increasingly complex and ageing. Consider for a moment the device you are reading this blog upon, and it is unlikely to be more than 2yrs old.  Thinking strategically about the technical infrastructure and how this relates to Cybersecurity will be the key differentiator between the company that is, and the company that isn’t at risk from Cyberattack.

The GCHQ is there to help the country protect itself from international threats. Over their long and distinguished 100yr career, there have been many lessons learned. But possibly the most important is that technology doesn’t stand still for long.  The only constant is change.

As Cyberthreats become more sophisticated we need to upgrade not just the technology but also our thinking.​​​​​​