{"id":36536,"date":"2022-05-31T11:45:00","date_gmt":"2022-05-31T11:45:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/archives\/36536"},"modified":"2022-05-31T11:45:00","modified_gmt":"2022-05-31T11:45:00","slug":"the-importance-of-making-information-security-more-accessible","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=36536","title":{"rendered":"The importance of making information security more accessible"},"content":{"rendered":"
<\/div>\n

For organisations today, information is freedom. Those that are able to extract, harness and protect their data will find it far easier to meet their objectives in today\u2019s customer-centric, information-driven landscape.<\/p>\n

How companies can achieve that has changed massively over the past few years. Extracting and harnessing data remains as vital as ever, but the need to protect that data, and prioritise aspects such as data privacy<\/a>, has become essential.<\/p>\n

With data and security now so heavily tethered to business objectives and overall strategy, companies are increasingly looking for ways to enhance their information security posture to enable them to be more profitable and productive in a sustainable, low-risk way.<\/p>\n

So, what are the key considerations? How can businesses make information security work for them?<\/p>\n

\n

<\/i>Making information security more accessible<\/h3>\n

Information security isn\u2019t just a technical issue, but a cultural one. Having technical talent in security is important, but a company that rests solely on this will end up with a fairly homogenised perspective on security.<\/p>\n

It will be too focused on matter such as OSI<\/a> (open systems interconnection) or the MITRE ATT&CK framework<\/a>, for example, and while these elements are useful and important, pursuing them exclusively can lead to a fairly reductive and isolated take on security, when what you need is a fully integrated and holistic one.<\/p>\n

It\u2019s time for a bigger conversation in the industry about how we handle information security. It\u2019s multi-dimensional and touches every aspect of a business, so it makes no sense to keep it siloed as an exclusively technical endeavour. By bringing non-technical and more diverse voices into the conversation, businesses can better align their information security processes with their overall objectives for growth and profit.<\/p>\n

The more businesses can bridge the divide between security professionals and the rest of the organisation, the more robust and well-rounded their overall strategy will be. Security teams shouldn\u2019t be compartmentalised and, equally, non-technical teams should also have a seat at the table. <\/p>\n<\/section>\n

\n

<\/i>From defensive to proactive<\/h3>\n

Aston Martin<\/a> already had excellent security tooling when I joined the business, and thankfully we haven\u2019t experienced any major attacks or cyber security incidents since. One of the things that has changed, however, is a gradual shift from defensive fortification toward innovation and collaboration, forging security partnerships both internally and with third parties<\/a>.<\/p>\n

Tight security partnerships aren\u2019t just about gaining a technical upper hand, they\u2019re about moving an organisation forward. Introducing new business-wide standards and policy frameworks can have a profound impact on an organisation\u2019s overall security posture. While these may start out as technical missions, they quickly become cultural journeys.<\/p>\n

Those journeys don\u2019t just have one destination either. Mastering cyber security is like trying to hit a moving target; your organisation has to evolve with the changing threat landscape. Management needs to be focused not just on the here and now, but on what might be around the corner. Aston Martin, for instance, is modelling a threat intelligence management approach that addresses not just the current threat environment, but also the emerging one to ensure that it maintains its security position.<\/p>\n<\/section>\n

\n

<\/i>A common digital language<\/h3>\n

If mastering information security is like trying to hit a moving target, then in order to hit that target, organisations need to have the best technical and non-technical voices in the room at a given time.<\/p>\n

Aston Martin focuses on what I call \u201cdigital literacy\u201d, which involves non-technical staff learning enough of the technicalities to participate in the conversation, while our technical staff do their best to simplify technical processes. This meeting in the middle allows for some very interesting and productive conversations.<\/p>\n<\/section>\n

\n

<\/i>To outsource or not to outsource?<\/h3>\n

This is perhaps what could be referred to as a trick question, because the real answer is \u201cboth\u201d. To keep up with the changing threat landscape, businesses need to be able to easily tap into knowledgeable and capable talent.<\/p>\n

It\u2019s important to nurture in-house talent and grow your own technical team. Enlisting third-party support doesn\u2019t change that, and bringing in third-party expertise can be one of the best ways to nurture in-house talent and acquire knowledge.<\/p>\n

It\u2019s no longer 1985, where businesses can expect to easily retain the best talent in the industry for their whole career \u2013 talent is now democratised and shared. And with the threat landscape moving at the speed of light, organisations should be willing to adapt to the talent market to shore up their security positions.<\/p>\n<\/section>\n

\n

<\/i>Levelling the playing field in the \u2018new normal\u2019<\/h3>\n

It\u2019s very easy to get spooked by the threat landscape today. Throughout the course of the pandemic, we\u2019ve seen incidents of ransomware soar<\/a> to the point where businesses without a robust information security strategy are more or less sitting ducks. The nature of supply chain attacks means that they might be affected even if they\u2019re not the target \u2013 nobody wants to be collateral damage.<\/p>\n

In Marc Goodman\u2019s book, Future Crimes<\/em>, he talks in detail about the tenacity of malicious innovation \u2013 how threat actors always tend to be one step ahead when it comes to developing new ways of breaching cyber defences and infiltrating corporate networks. Closing this innovation gap should be a primary focus for the cyber security industry, particularly as we get settled into this new normal of agile working.<\/p>\n

According to Goodman, 89% of employees are accessing work-related information on their mobile phones, and 41% are doing so without the permission or knowledge of their employer. That\u2019s an example of how a change in the working landscape can automatically put cyber security professionals at a disadvantage.<\/p>\n

If the message wasn\u2019t already clear, we\u2019ve got a lot of work to do, and that starts just as much at a cultural level as it does at a technical one.<\/p>\n

Robin Smith is chief security officer at Aston Martin Lagonda.<\/em><\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

For organisations today, information is freedom. Those that are able to extract, harness and protect their data will find it far easier to meet their objectives in today\u2019s customer-centric, information-driven landscape. How companies can achieve that has changed massively over the past few years. Extracting and harnessing data remains as vital as ever, but the […]<\/p>\n","protected":false},"author":1,"featured_media":36537,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-36536","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/36536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=36536"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/36536\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/36537"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=36536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=36536"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=36536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}