Bring strategy back into your security posture by turning to chess
In chess, players must think both tactically and strategically. They must respond to the immediate situation by countering threats, while also understanding how their moves might create vulnerabilities that their opponent can exploit. The same is true for securing your business.
During 2020, organizations went through a wave of rapid digital transformation which, understandably, was more tactical than strategic. The need for flexible remote working led to a massive rollout of new devices and permissions to access data. New applications were deployed to ensure continuity of business processes and services. More tools and cloud capacity were added to the IT infrastructure to keep up with demand.
Now that the world is reopening, organisations need to take a strategic look at their technology and solidify the benefits of this digitalization. This means mitigating the risks of a bigger attack surface that was created by the additional devices, applications, users, and data.
Make your best moves with a helping hand
The strategic approach to digital transformation is to run and transform simultaneously, bridging existing and emerging technologies while mitigating risks. Remote working, for example, isn’t just about handing out devices. It’s about providing secure access to the systems individuals need and taking into account what could happen after access is granted. Once data can be accessed from anywhere, a single breach could compromise large swathes of valuable data.
Rather than building walls that silo information and lock down identity privileges, the strategic move might be to implement a User and Entity Behaviour Analytics (UEBA) tool. These AI tools monitor all system activity in real time, identifying anomalies and responding to risk. This is context-aware computing: security that works with how employees work, rather than creating barriers to productivity.
We can also build DevSecOps processes that centre on security and introduce tools such as Runtime Application Self-Protection (RASP) that automate the detection and prevention of threats at the application layer. The strategic move, however, might be to also include HR in the response process and call on business leaders to promote teamwork.
This form of risk is heightened by the realities of remote working. Staff need to share data, but if the officially-sanctioned tool presents a problem, they might turn to alternative solutions, removing that data from security oversight in the process. Likewise, if they need to access data frequently, they might save copies in multiple places to avoid repeated security checks.
All of this creates a growing mass of shadow data. While continued digital transformation might reduce non-sanctioned practices, the strategic move might be to put data discovery tools in place and in return bring shadow data back under the influence of your security strategy.
Checkmate in three
Your business is the king you must protect. In chess, finding your king in check means making a move that eliminates the danger. Similarly, any threat to your business continuity needs to be answered immediately. The best strategy is to avoid check by making cybersecurity the queen that keeps your business safe.
At CyberRes, we understand the right strategies to protect what’s most valuable. We read the board for threats that are specific to an organisation and supply solutions that put risk in checkmate. We keep businesses cyber resilient with three key moves: Manage Identities, Secure Applications, and Protect Data.
To learn more about how we make businesses resilient through transformation, please contact Ramsés Gallego or visit Cyberres.com
Dan Patefield
Dan Patefield
Dan leads the techUK Cyber Security programme, having originally joined techUK in August 2017 as a Programme Manager working across the Cyber and Defence programmes. He is responsible for managing techUK's work across the cyber security eco-system, bringing industry together with key stakeholders across the public and private sectors. Dan also provides the industry secretariat for the Cyber Growth Partnership, the industry and Governmnet conduit for supporting growth across the sector. A key focus of his work is to strengthen the public-private partnership across cyber security to support further development of UK cyber security policy.
Before joining techUK he worked as Forum Lead for the Westminster eForum. In this role he had a focus on the technology and telecoms space, on issues ranging from Broadband and Mobile Infrastructure, the Internet of Things, Cyber Security, Data and diversity in tech. Dan has a BA in History from the University of Liverpool.
- Email:
- [email protected]
- Phone:
- 020 7331 2165
Jill Broom
Jill Broom
Jill is techUK’s Programme Manager for Cyber Security, working across the cyber eco-system to bring industry together with key stakeholders across the public and private sectors.
Prior to focusing in on techUK's cyber security work, Jill was also part of techUK's Central Government programme team, representing the supplier community of technology products and services to Whitehall departments.
Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.
- Email:
- [email protected]
- Twitter:
- @honeybroom
- Website:
- www.techuk.org
- LinkedIn:
- https://www.linkedin.com/in/jill-broom-19aa824
Annie Collings
Annie Collings
Annie joined techUK as the Programme Manager for Cyber Security and Central Government in September 2023.
Prior to joining techUK, Annie worked as an Account Manager at PLMR Healthcomms, a specialist healthcare agency providing public affairs support to a wide range of medical technology clients. Annie also spent time as an Intern in an MPs constituency office and as an Intern at the Association of Independent Professionals and the Self-Employed.
Annie graduated from Nottingham Trent University, where she was an active member of the lacrosse society.
- Email:
- [email protected]
- Twitter:
- anniecollings24
- LinkedIn:
- https://www.linkedin.com/in/annie-collings-270150158/