Reimagining Your Cyber Infrastructure

While the tech industry is distracted with endless conversations on the impact of generative AI, 2023 has seen several companies fall victim to crippling cyberattacks. These attacks often fall under one of two formats - either bad actors break in, compromise data, and hold it to ransom, or they enter systems and delete or encrypt data, which requires a cyber-tolerant backup solution.

Armed with the capabilities of AI tools and able to target companies through their increasing use of SaaS, cloud, and web collaboration tools, bad actors are launching increasingly smart and complex attacks, becoming a threat for organisations in all industries. 

Recently, the recent high-profile University of Manchester hack, which affected more than a million NHS patients’ details demonstrates the vulnerability of large corporations in the UK, with stolen data including NHS numbers and postcodes. Facing a host of other corporate pressures – like rising inflation, worker shortages, and regulatory standards – businesses need a simpler way to successfully navigate ongoing threats.

An Abundance Of Solutions

In response to more sophisticated and frequent cyberattacks, security teams are implementing a growing number of fixes and cyber tools. However, due to making quick, reactive decisions based on live vulnerabilities, and with many tools sold as part of packages that offer a number of capabilities, security professionals are often left with a somewhat bloated cybersecurity stack. In fact, IBM have found that the average organisation uses 45 different cybersecurity tools, so it’s not surprising that solutions frequently undermine each other and become difficult to manage. 

A disaggregated approach means that data on cyber threats takes longer to process, putting the organisation at greater risk of attack. Security teams that operate more than 50 tools have been found to be 8% less effective at detecting attacks, directly contradicting their purpose. As what’s perceived as the latest and most exciting tools are added to the tech stack, there’s a danger of siloes forming - either by function or by location. Organisational siloes reduce the visibility of overall operations, making it much more challenging to assess the business’ efficiency and state of its cyber protection. 

Organisations should be focused on reducing the chances of a breach by reducing their organisation’s attack surface.

They can only achieve this by ensuring all endpoints have an effective EDR solution and knowing the “vulnerability or exposure” status of these Endpoints. This is where most organisations falter, as they do not have effective asset management. For enterprises that have three or more service providers, ensuring all endpoints are known and protected becomes even more challenging.  

Breaking Siloes With Resilience

While every solution has its stronger and weaker points, as attacks have evolved the conversation has shifted from “how can we prevent attacks” to “how can we survive an attack”. While prevention methods are still vital in a well-rounded cybersecurity stack, businesses also need to focus on Disaster Recovery (DR), modern DR covers Fire, Flood and Cyber event scenarios as a way of building cyber resilience, with tools like incident triage, incident response, threat intelligence, and compliance management.

But resilience, at its most basic level, requires that the business has an understanding of the “minimum viable organisation” – what the critical processes are, how much the business is willing to lose, and what its non-negotiables are. To establish this, organisations should start with integrating their multiple tools and technologies, rather than fixing issues on a case-by-case basis. 

The easiest way to integrate new technologies within the tech stack, without creating siloes, is to simplify it.

Security teams should take the opportunity to remove what is no longer necessary, cutting away anything that does not directly link to the organisation’s key capabilities. By using actionable insights and security intelligence, driven by industry standards and best practice methods, businesses can consolidate siloes and start with a simplified base that makes managing cybersecurity easier, ultimately building a more resilient business future.

Rebuilding & Recovering

In the interest of helping to build a culture of resiliency, Kyndryl recently announced the Cybersecurity Incident Response and Forensics (CSIRF) service, designed to help customers respond to threats with advanced intelligence and domain expertise. The CSIRF services offers integrated and seamless incident response, support, and forensics that resolve threats like ransomware, as well as understanding their root cause. This reduces the incident window, recovery time, and maintains trust with customers and regulatory authorities.

This forms the respond phase of the NIST framework, providing infrastructure to recover servers and data post-breach. Most organisations recover their data from a ‘vault’, away from bad actors and unable to be exchanged or expired, and must ensure that this data can be retrieved quickly into a clean production environment when it’s needed. Kyndryl’s 30 years of business continuity expertise has enabled the creation of Cyber Tolerant Backup Solutions, with sufficient frequency to develop Technical Recovery Plans (TRPs) to retrieve data backup under orchestration recovery. 

In addition, Kyndryl’s partnership with AWS helps to break down technology siloes with a state-of-the-art data lake designed to give customers visibility of their entire security posture in a single pane of glass. The Kyndryl Security Operations Platform with AWS unifies disparate systems and data into a cohesive and agile operation that detects and responds to incidents faster with advanced security intelligence.

As businesses continue to navigate evolving cybersecurity threats and complex organisational siloes, it’s crucial that security teams embrace security resilience as much as they embrace detection and prevention. In an era of “not if, but when” when it comes to cyberattacks, simplifying and synchronising infrastructure will be imperative in keeping the business and its customers secure. 

Duncan Bradley is Security & Resiliency Practice Leader at Kyndryl

You Might Also Read:

Navigating The Evolving Threat Landscape:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Undetected Attackers Could Be Inside Your IT Systems Now
He's Back Again... »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Trustwave

Trustwave

Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security.

Cybellum

Cybellum

Cybellum brings the entire product security workflow into one dedicated platform, allowing device manufacturers to keep the connected products they build cyber-secure and cyber-compliant.

Sweepatic

Sweepatic

The Sweepatic reconnaissance platform discovers and analyses all internet facing assets and their exposure to risk.

Fly Ventures

Fly Ventures

Fly Ventures is a seed-stage venture capital fund for outstanding teams building Enterprise and Deep Tech startups in Europe.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

Qualcomm Technologies

Qualcomm Technologies

Qualcomm invents breakthrough technologies that transform how the world connects, computes and communicates.

Syndis

Syndis

Syndis is a leading information security company helping to defend organizations by providing bespoke services and innovative security solutions in the global market.

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

SecureData

SecureData

SecureData provide professional data recovery services, digital forensics, data recovery software and FIPS 140-2 Level 3 Validated hardware encrypted drives.

In-Q-Tel (IQT)

In-Q-Tel (IQT)

IQT is the non-profit strategic investor that accelerates the development and delivery of cutting-edge technologies to U.S. government agencies that keep our nation safe.

Access Venture Partners

Access Venture Partners

Access Venture Partners are an early stage VC firm investing in bold founders and helping every step of the way. Areas we give special focus to include cybersecurity.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.

Codezero Technologies

Codezero Technologies

Codezero is at the forefront of microservices development, employing an identity-aware overlay network that delivers zero-trust security to DevOps.

itm8

itm8

itm8 is a Nordic digital transformation partner offering a wide range of services in IT operations and Cloud Services, Digital Transformation, Application Services, ERP, and Cyber Security.