For all the antivirus
protection we have developed over the last several decades, the operational
business issues and technical challenges thrown up by a constantly evolving
landscape of malware, Trojans, phishing, social engineering, ransomware and
more all present a problem for businesses in all verticals. Part of the root of this 'problem'
stems from the abilities malicious hackers have to create variants their
A comparatively 'simple' tweak in a piece of malicious software
code can spawn a new piece of malware that detection engines have to treat as a
completely new problem. These chunks of code
are then exchanged across the interconnected back passageways of the so-called
'dark web' (that part of the Internet that is hidden from most search engines
and users). At this point, the problem we face escalates even further.
What is truly problematic
(frightening might be a more appropriate term) is that black hat malicious hackers now offer
their destructive code in a service-based delivery format. Anyone who wants to
engineer an attack or mount an Advanced Persistent Threat (APT) can do so, if
they have the money to pay for it. We are quite literally in an era of
Cybercrime-as-a-Service (CaaS) where hackers even offer technical support to
those who wish to mount an attack of one form or another.
As we stand today, the
challenge for our world economy is that we typically only really see security taken
seriously by organisations in finance, gambling, medical, aviation and other
'mission critical' operations. In reality, all firms should consider themselves
to be mission critical and take the same locked down approach. There's a logical
equation building here i.e. we see Cybercrime-as-a-Service (CaaS) on the rise
and we see that firms fail to protect themselves properly and very often don't
detect breaches when they do occur -- looking outwards to a managed outsourcing
specialist to provide Security-as-a-Service (SaaS) may be a rational route out
of this predicament.
Key features within
SaaS platforms will include robust anti-virus protection, identity and access
management controls, application testing intelligence and (at a more holistic
level) the ability to execute operational diagnostics through a managed
Security Operating Centre (SOC)-as-a-Service function.
The real difference in security today
With these SaaS-based
tools, firms can put the tools in place to form a robust enough layer of
protection for a generation (if not generations, plural) to come. Cybercrime is
evolving every day and the existence of Bitcoin means that a frightening new
wave of monetised ransomware is fast developing. Fighting malicious hackers
with a proactive posture to protect from first principles is essential.
VIDEO: Enterprise level ransomware is on the rise
In a world where Bitcoin has become the currency of electronic cybercrime, how should firms regard the new threat landscape and what major trends are driving the behavioural model of the cybercriminals themselves? Simon Edwards, cybersecurity architect at Trend Micro explains how enterprise level ransomware has evolved in the modern business landscape.
INTERVIEW: Andy Powell, VP for cyber security, Capgemini UK
In an ever shifting IT threat landscape, how can firms fight the rising tide of malicious intent that looms over their day-to-day operations? Andy Powell, VP for cyber security at Capgemini UK, explains how the Security-as-a-Service model can apply to enterprise.
What is your first and most fundamental piece of advice to firms on primary security issues?
My first piece of advice to any
firm is to adopt a proactive security posture. We find ourselves in a 'defensive
spiral' as we try to fend off the threat of cyber attacks every day, so a proactive
posture is essential if the business is going to move forward. What I mean by
this is that the key to any successful business is being able to shape operations
into the way a firm itself wants to operate -- as opposed to the way hackers
would like to view the business.
Clearly, the process
of digital transformation is one of the key drivers here for many organisations.
We know that our clients want to operate in a digitally transformed
environment, so we need to examine exactly how we can build in the right degree
of robustness and resilience that will stop the bad guys exploiting an
individual firm's architecture.
Perhaps firms should think of their headquarters as a stronghold of some sort that they need to fortify against cyber invaders?
Indeed. I'm a big fan of medieval history and I like to draw parallels with the way we
used to build castles as our protective shells. Castles actually did rely
simply on their tall outer walls, they were built with 'keeps' for a reason i.e. this was
where we kept our most precious valuables. Castles were also built with small
narrow staircases and rooms so that we could restrict and deal with any
design is absolutely a precursor to creating any cyber safe operation. Medieval
castle builders were way ahead of their time. Our networks are far too open
today by comparison.
One of the reasons we
are still encountering the bad guys inside our networks is that our networks
were never built for robustness with enough strength to repel external threats.
Furthermore, we have not focused enough on building structures to watch inside
and outside our networks. The insider threat is pervasive and whether by
blackmail, bribery or just poor practice, a majority of breaches are caused by
the door being opened from the inside. Training and monitoring our people is
How do you justify the Security-as-a-Service model that Capgemini provides?
When it comes to SaaS, there is
one school of thought to say that nobody knows how to look after a firm's
assets better than the owners themselves. There's another school of thought
saying that no single firm can ever know enough about the threat landscape to
look after itself competently.
I am in fact an
advocate of a hybrid approach in this case. Firms should own a degree of their
own operational risk but also look to an external organisation to provide
constantly updated threat intelligence. Assuming that the client itself is not
a cybersecurity specialist in their own right, they can never have the core
competency needed to provide fully robust protection.
Capgemini has built
its SaaS offering around three core functions: Identity and Access Management,
Software Testing and Security Operating Centre (SOC)-as-a-Service. We are now
bringing elements of these three capabilities to firms alongside a
security-first approach to engineering.
How much of a risk is the Internet of Things (IoT) and do we need to reverse engineer security into existing devices?
We do indeed need to spend more
time considering the impact that the Internet of Things (IoT) will have on
security issues. All connected devices will have to have an IP address and from
this they are then broadcasting their status across the web. What we need to
ensure now is that we are not building legacy problems without security
provisioning into our networks.
If every device has
an IP node to allow it to communicate externally, then we need to accommodate for
this into our security architecture planning. This will apply both in our
factories with industrial sensors and inside our homes with connected
televisions and so on.
Firms will need to
focus on which devices are connected onto their operational and corporate
networks and once we have that knowledge then we can focus the right protection in
the right place. This may often require a bit of reverse engineering to find
out which things are connected where so that we can apply the requisite levels
of protection as the Internet of Things builds. We must think about segmenting
our complex interconnected world into manageable and secure areas. We must also advocate and properly apply
standards in the rapidly evolving IoT-world.
So how do we get to the future?
The path towards a safer future and security-aware business operations is a
tough one, but we can get there with the right level of strategic planning. Capgemini
business modelers work to analyse a firm's existing operation and look for
unstructured data and areas of weakness where security vulnerabilities exist.
As the business modelers
work towards digital transformation goals with firms, they ensure that security
is baked in from the start. The worry is that digital transformation processes
might start out without security provisioning in place at ground zero. Even if
this does occur, a rapid analysis of what is critical and where it is best
secured can help.
This comes back again
to Capgemini insisting upon a proactive stance towards the threats that exist
in the fully security-aware digitally transformed business today. This is the
way forward; this is the way to a safer cyber-secure future.
AT A GLANCE: Capgemini's cybersecurity protection
Capgemini's approach
to cybersecurity sees the firm strategically position three key elements in a
new programme initiated to encourage firms to 'control and secure' their own
From asset management
to testing to security centre diagnostics, the firm's solution showcase is
demarcated and defined as follows:
Identity and Access Management -- Having a strong identity regime
inside your network is key if you are going to successfully take a proactive
approach to cybersecurity. This means putting the controls in place to ensure
that information and other assets are only accessible to the staff members that
need them. Management controls also need to be put in place to allow these
identity controls to be changed when needed in a dynamic business environment.
Capgemini is forming
new partnerships in this space to perform what it calls 'fast track' identity
and access management services to bring these capabilities online rapidly.
Capgemini uses templates that have been built and refined through working with
thousands of clients globally. In this way, best practice can be applied
Software Testing -- The need to build software
application level security testing at the initial architectural 'build' phase
is of critical importance. Being able to constantly check for weaknesses in an
application on an ongoing basis is crucial. Capgemini is working to build this
type of capability into its standard approach to DevOps.
Being able to
evaluate weaknesses in source code on an ongoing basis is critical because no
application stands still i.e. updates, patches, augmentations and enhancements
are applied to heavily used software applications all the time.
Being able to provide
this type of source code analysis and testing on an ongoing basis is critical
and being able to provide it as-a-Service means that threat analysis is
constantly updated. This testing is focused initially on security testing, but
the sister discipline of functionality testing is part of the total DevOps process which this service helps
Security Operating Centre
(SOC)-as-a-Service -- Capgemini offers a SOC diagnostic capability that initially analyses
what is best for the client so that initial planning can be executed. This
helps to evaluate which elements of the total Security Operating Centre
responsibility should be owned by the client itself and which elements
Capgemini should offer. This allows Capgemini to effectively offer a SOC hybrid
INFOGRAPHIC: Cyber-security costs, risks and means of protection
The notion of managed Software-as-a-Service (SaaS) gives firms the opportunity to concentrate on extending their core competencies while also operating their primary trading interests on the back of a more robust and resilient infrastructure. What are the costs and risks of cyber-security, and the market for SaaS protection?