Bring strategy back into your security posture by turning to chess
Guest blog: Ramsés Gallego, International Chief Technology Officer, CyberRes, Micro Focus as part of our #Cyber2021 week.
In chess, players must think both tactically and strategically. They must respond to the immediate situation by countering threats, while also understanding how their moves might create vulnerabilities that their opponent can exploit. The same is true for securing your business.
During 2020, organizations went through a wave of rapid digital transformation which, understandably, was more tactical than strategic. The need for flexible remote working led to a massive rollout of new devices and permissions to access data. New applications were deployed to ensure continuity of business processes and services. More tools and cloud capacity were added to the IT infrastructure to keep up with demand.
Now that the world is reopening, organisations need to take a strategic look at their technology and solidify the benefits of this digitalization. This means mitigating the risks of a bigger attack surface that was created by the additional devices, applications, users, and data.
Make your best moves with a helping hand
The strategic approach to digital transformation is to run and transform simultaneously, bridging existing and emerging technologies while mitigating risks. Remote working, for example, isn’t just about handing out devices. It’s about providing secure access to the systems individuals need and taking into account what could happen after access is granted. Once data can be accessed from anywhere, a single breach could compromise large swathes of valuable data.
Rather than building walls that silo information and lock down identity privileges, the strategic move might be to implement a User and Entity Behaviour Analytics (UEBA) tool. These AI tools monitor all system activity in real time, identifying anomalies and responding to risk. This is context-aware computing: security that works with how employees work, rather than creating barriers to productivity.
We can also build DevSecOps processes that centre on security and introduce tools such as Runtime Application Self-Protection (RASP) that automate the detection and prevention of threats at the application layer. The strategic move, however, might be to also include HR in the response process and call on business leaders to promote teamwork.
This form of risk is heightened by the realities of remote working. Staff need to share data, but if the officially-sanctioned tool presents a problem, they might turn to alternative solutions, removing that data from security oversight in the process. Likewise, if they need to access data frequently, they might save copies in multiple places to avoid repeated security checks.
All of this creates a growing mass of shadow data. While continued digital transformation might reduce non-sanctioned practices, the strategic move might be to put data discovery tools in place and, in turn, bring shadow data back under the influence of your security strategy.
Checkmate in three
Your business is the king you must protect. In chess, finding your king in check means making a move that eliminates the danger. Similarly, any threat to your business continuity needs to be answered immediately. The best strategy is to avoid check by making cybersecurity the queen that keeps your business safe.
At CyberRes, we understand the right strategies to protect what’s most valuable. We read the board for threats that are specific to an organisation and supply solutions that put risk in checkmate. We keep businesses cyber resilient with three key moves: Manage Identities, Secure Applications, and Protect Data.
To learn more about how we make businesses resilient through transformation, please contact Ramsés Gallego or visit Cyberres.com.