Reimagining Your Cyber Infrastructure

While the tech industry is distracted with endless conversations on the impact of generative AI, 2023 has seen several companies fall victim to crippling cyberattacks. These attacks often fall under one of two formats - either bad actors break in, compromise data, and hold it to ransom, or they enter systems and delete or encrypt data, which requires a cyber-tolerant backup solution.

Armed with the capabilities of AI tools and able to target companies through their increasing use of SaaS, cloud, and web collaboration tools, bad actors are launching increasingly smart and complex attacks, becoming a threat for organisations in all industries. 

Recently, the recent high-profile University of Manchester hack, which affected more than a million NHS patients’ details demonstrates the vulnerability of large corporations in the UK, with stolen data including NHS numbers and postcodes. Facing a host of other corporate pressures – like rising inflation, worker shortages, and regulatory standards – businesses need a simpler way to successfully navigate ongoing threats.

An Abundance Of Solutions

In response to more sophisticated and frequent cyberattacks, security teams are implementing a growing number of fixes and cyber tools. However, due to making quick, reactive decisions based on live vulnerabilities, and with many tools sold as part of packages that offer a number of capabilities, security professionals are often left with a somewhat bloated cybersecurity stack. In fact, IBM have found that the average organisation uses 45 different cybersecurity tools, so it’s not surprising that solutions frequently undermine each other and become difficult to manage. 

A disaggregated approach means that data on cyber threats takes longer to process, putting the organisation at greater risk of attack. Security teams that operate more than 50 tools have been found to be 8% less effective at detecting attacks, directly contradicting their purpose. As what’s perceived as the latest and most exciting tools are added to the tech stack, there’s a danger of siloes forming - either by function or by location. Organisational siloes reduce the visibility of overall operations, making it much more challenging to assess the business’ efficiency and state of its cyber protection. 

Organisations should be focused on reducing the chances of a breach by reducing their organisation’s attack surface.

They can only achieve this by ensuring all endpoints have an effective EDR solution and knowing the “vulnerability or exposure” status of these Endpoints. This is where most organisations falter, as they do not have effective asset management. For enterprises that have three or more service providers, ensuring all endpoints are known and protected becomes even more challenging.  

Breaking Siloes With Resilience

While every solution has its stronger and weaker points, as attacks have evolved the conversation has shifted from “how can we prevent attacks” to “how can we survive an attack”. While prevention methods are still vital in a well-rounded cybersecurity stack, businesses also need to focus on Disaster Recovery (DR), modern DR covers Fire, Flood and Cyber event scenarios as a way of building cyber resilience, with tools like incident triage, incident response, threat intelligence, and compliance management.

But resilience, at its most basic level, requires that the business has an understanding of the “minimum viable organisation” – what the critical processes are, how much the business is willing to lose, and what its non-negotiables are. To establish this, organisations should start with integrating their multiple tools and technologies, rather than fixing issues on a case-by-case basis. 

The easiest way to integrate new technologies within the tech stack, without creating siloes, is to simplify it.

Security teams should take the opportunity to remove what is no longer necessary, cutting away anything that does not directly link to the organisation’s key capabilities. By using actionable insights and security intelligence, driven by industry standards and best practice methods, businesses can consolidate siloes and start with a simplified base that makes managing cybersecurity easier, ultimately building a more resilient business future.

Rebuilding & Recovering

In the interest of helping to build a culture of resiliency, Kyndryl recently announced the Cybersecurity Incident Response and Forensics (CSIRF) service, designed to help customers respond to threats with advanced intelligence and domain expertise. The CSIRF services offers integrated and seamless incident response, support, and forensics that resolve threats like ransomware, as well as understanding their root cause. This reduces the incident window, recovery time, and maintains trust with customers and regulatory authorities.

This forms the respond phase of the NIST framework, providing infrastructure to recover servers and data post-breach. Most organisations recover their data from a ‘vault’, away from bad actors and unable to be exchanged or expired, and must ensure that this data can be retrieved quickly into a clean production environment when it’s needed. Kyndryl’s 30 years of business continuity expertise has enabled the creation of Cyber Tolerant Backup Solutions, with sufficient frequency to develop Technical Recovery Plans (TRPs) to retrieve data backup under orchestration recovery. 

In addition, Kyndryl’s partnership with AWS helps to break down technology siloes with a state-of-the-art data lake designed to give customers visibility of their entire security posture in a single pane of glass. The Kyndryl Security Operations Platform with AWS unifies disparate systems and data into a cohesive and agile operation that detects and responds to incidents faster with advanced security intelligence.

As businesses continue to navigate evolving cybersecurity threats and complex organisational siloes, it’s crucial that security teams embrace security resilience as much as they embrace detection and prevention. In an era of “not if, but when” when it comes to cyberattacks, simplifying and synchronising infrastructure will be imperative in keeping the business and its customers secure. 

Duncan Bradley is Security & Resiliency Practice Leader at Kyndryl

You Might Also Read:

Navigating The Evolving Threat Landscape:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Undetected Attackers Could Be Inside Your IT Systems Now
He's Back Again... »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Infineon Technologies

Infineon Technologies

Infineon is a leader in semiconductor solutions for a huge range of applications including automation, smart systems and security for the Internet of Things.

Octopus Cybercrime Community

Octopus Cybercrime Community

The Octopus Community is a platform for information sharing and cooperation on cybercrime and electronic evidence.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

PrivateVPN

PrivateVPN

PrivateVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

Octane OC

Octane OC

OCTANe is building the SoCal of tomorrow. We drive innovation and growth by connecting people, resources and capital. Our Incubator focus is FinTech, Data Analytics and Cybersecurity.

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

Sixteenth Air Force (Air Forces Cyber)

Sixteenth Air Force (Air Forces Cyber)

Air Forces Cyber provides mission integration of Information Warfare at operational and tactical levels, creating dilemmas for adversaries in competition and, if necessary, future conflicts.

Oxeye

Oxeye

Oxeye fills the gap between cloud and code to show exploitable vulnerabilities, and their path from API to code. More visibility. Less noise. More time to build.

Deloitte

Deloitte

Deloitte is a multinational professional services firm providing audit, consulting, financial advisory, risk management, tax, and related services to clients.

Cyberlocke

Cyberlocke

Cyberlocke is dedicated to finding inventive solutions to meet the distinct IT obstacles of each organization we support.

Accompio

Accompio

Accompio offer comprehensive support in the digitalisation of your business processes.

DYOPATH

DYOPATH

At DYOPATH we work with the single purpose of helping our clients combat the ongoing increase of cyber threats, the growth in more complex IT environments, and ever-increasing human capital shortages.