Paul Brucciani, VP Commercial Business Development, Garrison
Each year, 50,000 hedgehogs are killed on British roads. Hedgehogs live in straitened times because the protection that has worked so well for them since the age of the dinosaurs is unsuited to the age of vehicles. In a period of rapidly changing cyber threats, defences and risk mitigations must adapt. This makes hedgehogs a compelling metaphor for IT security in the internet age.
Internet technology was invented over 40 years ago in a completely different threat landscape. Cyber attacks today are more frequent, widespread and damaging than ever before. IT and cyber security is no longer fit for purpose, having failed to move with the times. We, like hedgehogs, have to adapt. But how?
‘Do nothing’ is not an option. Yet, in 2017, an estimated $90 billion was spent worldwide on all manner of cyber security products and services that collectively have proven to be inadequate. In hedgehog security terms, this is like providing them with titanium-tipped spines to better resist vehicle collisions. What is preventing us from choosing a more radically effective option?
Buyers are not helped by a highly fragmented market. There are over 2,500 cyber security product vendors. Where does one start?
There does not exist an objective, universally-accepted means of security assurance testing, which is why when we go to conferences or read news articles, we soak up the confidently delivered opinions of experts and buy products based on trust. We crave certainty more than we do truth. In a chaotic cyber security market, we are attracted to those offering well-marketed potions to salve our cyber security concerns.
Don’t trust vendors, celebrity endorsements, or anything printed: we are being mis-sold technology because no vendor will admit where its flaws are. Don't trust vendors, trust yourself: define requirements, check references and do test all vendor claims as far as possible, combining testing efforts with peers.
Make security simple: overly complex IT and security is a consequence of the limited assurance offered by many of today’s security technologies. Simplify your IT security architecture by picking technologies of proven security assurance. Less is more.
Adopt a barbell strategy: a combination of high and low risk management strategies; protecting to the maximum possible extent your critical network assets allows you to take a more liberal approach to managing lesser risks.
Browser-based attacks are the primary means by which attackers reach users and manipulate information systems. Remote browsing, implemented in the right way, provides a metaphorical wall that enables us to simplify IT security by eliminating a whole class of web security threats. It has been used for years within secure government and is rapidly gaining attention. (If you have a Gartner subscription, look at its latest paper called ‘Beyond Detection’, which describes 5 evasion-resilient security patterns).
Garrison combines government-grade security with hardware innovation in a product that enables enterprise users to browse the web without risk.
Garrison’s Silicon-Assured Video Isolation (SAVI)® elegantly isolates web threats from trusted assets in a way that is highly assured. Come and meet us at the GBI CISO Conference in Cambridge on 4 July 2019 to find out how, or visit our website (www.garrison.com).
Unfortunately, the most elegant solution to hedgehog woes is the ‘hedgehog highway’ that allows them to forage, nest and breed with greater freedom. If we spent on saving hedgehogs a fraction of what we spend on cyber security, I’m sure their lives would be safer.
Garrison will be present at our CISO event in Cambridge University on Thursday 4th July 2019. To learn more, contact GB Intelligence on 01633 749520 or at firstname.lastname@example.org.