Bring strategy back into your security posture by turning to chess
Guest blog by Ramsés Gallego, International Chief Technology Officer, CyberRes, Micro Focus, as part of our #Cyber2021 week.
In chess, players must think both tactically and strategically. They must respond to the immediate situation by countering threats, while also understanding how their moves might create vulnerabilities that their opponent can exploit. The same is true for securing your business.
During 2020, organisations went through a wave of rapid digital transformation which, understandably, was more tactical than strategic. The need for flexible remote working led to a massive rollout of new devices and permissions to access data. New applications were deployed to ensure continuity of business processes and services. More tools and cloud capacity were added to the IT infrastructure to keep up with demand.
Now that the world is reopening, organisations need to take a strategic look at their technology and solidify the benefits of this digitalisation. This means mitigating the risks of the bigger attack surface created by the additional devices, applications, users, and data.
Make your best moves with a helping hand
The strategic approach to digital transformation is to run and transform simultaneously, bridging existing and emerging technologies while mitigating risks. Remote working, for example, isn’t just about handing out devices. It’s about providing secure access to the systems individuals need and taking into account what could happen after access is granted. Once data can be accessed from anywhere, a single breach could compromise large swathes of valuable data.
Rather than building walls that silo information and lock down identity privileges, the strategic move might be to implement a User and Entity Behaviour Analytics (UEBA) tool. These AI tools monitor all system activity in real time, identifying anomalies and responding to risk. This is context-aware computing: security that works with how employees work, rather than creating barriers to productivity.
We can also build DevSecOps processes that centre on security and introduce tools such as Runtime Application Self-Protection (RASP) that automate the detection and prevention of threats at the application layer. The strategic move, however, might be to also include HR in the response process and call on business leaders to promote teamwork.
This form of risk is heightened by the realities of remote working. Staff need to share data, but if the officially-sanctioned tool presents a problem, they might turn to alternative solutions, removing that data from security oversight in the process. Likewise, if they need to access data frequently, they might save copies in multiple places to avoid repeated security checks.
All of this creates a growing mass of shadow data. While continued digital transformation might reduce non-sanctioned practices, the strategic move might be to put data discovery tools in place and, in turn, bring shadow data back under the influence of your security strategy.
Checkmate in three
Your business is the king you must protect. In chess, finding your king in check means making a move that eliminates the danger. Similarly, any threat to your business continuity needs to be answered immediately. The best strategy is to avoid check by making cybersecurity the queen that keeps your business safe.
At CyberRes, we understand the right strategies to protect what’s most valuable. We read the board for threats that are specific to an organisation and supply solutions that put risk in checkmate. We keep businesses cyber resilient with three key moves: Manage Identities, Secure Applications, and Protect Data.
To learn more about how we make businesses resilient through transformation, please contact Ramsés Gallego or visit Cyberres.com.
Jill Broom
Head of Cyber Resilience, techUK