The Blog
We’ve got the cyber security model wrong

We’ve got the cyber security model wrong

Paul Brucciani, VP Commercial Business Development, Garrison

Where it went wrong for hedgehogs

Each year, 50,000 hedgehogs are killed on British roads. Hedgehogs live in straitened times because the protection that has worked so well them since the age of the dinosaurs, is unsuited to the age of vehicles. In a period of rapidly changing cyber threats, defences and risk mitigations must adapt. This makes hedgehogs a compelling metaphor for IT security in the internet age.

 

Why IT security managers and hedgehogs need to adapt

Internet technology was invented over 40 years ago in a completely different threat landscape. Cyber attacks today are more frequent, widespread and damaging than ever before. IT and cyber security is no longer fit for purpose, having failed to move with the times. We, like hedgehogs have to adapt. But how?

 

IT security options

‘Do nothing’ is not an option. Yet, in 2017, an estimated $90 billion was spent worldwide on all manner of cyber security products and services that collectively have proven to be inadequate. In hedgehog security terms, this is like providing them with titanium-tipped spines to better resist vehicle collisions. What is preventing is us from choosing a more radically effective option?

Buyers are not helped by a highly fragmented market. There are over 2,500 cyber security product vendors. Where does one start? 
There does not exist an objective, universally-accepted means of security assurance testing, which is why when we go to conferences or read news articles, we soak up the confidently delivered opinions of experts and buy products based on trust. We crave certainty more than we do truth. In a chaotic cyber security market, we are attracted to those offering well-marketed potions to salve our cyber security concerns.

 

Suggestions for buying cyber security in a failing market
  • Don’t trust vendors, celebrity endorsements, or anything printed: we are being mis-sold technology because no vendor will admit where its flaws are. Don't trust vendors, trust yourself: define requirements, check references and do test all vendor claims as far as possible, combining testing efforts with peers.

  • Make security simple: overly complex IT and security is a consequence of the limited assurance offered by many of today’s security technologies. Simplify your IT security architecture by picking technologies of proven security assurance. Less is more. 

  • Adopt a barbell strategy: a combination of high and low risk management strategies; protecting to the maximum possible extent your critical network assets allows you to take a more liberal approach to managing lesser risks.

 

How Garrison helps

Browser-based attacks are the primary means by which attackers reach users and manipulate information systems. Remote browsing, implemented in the right way provides a metaphorical wall that enables us to simplify IT security, by eliminating a whole class of web security threats. It has been used for years within secure government and is rapidly gaining attention. (If you have a Gartner subscription, look at its latest paper called ‘Beyond Detection’, which describes 5 evasion-resilient security patterns).

Garrison combines the government-grade security with hardware innovation in a product that enables enterprise users to browse the web without risk. 

Garrison’s Silicon-Assured Video Isolation (SAVI)® elegantly isolates web threats from trusted assets in a way that is highly assured. Come and meet us at the GBI CISO Conference in Cambridge on 4 July 2019 to find out how, or visit our website (www.garrison.com).

 

Epilogue 

Unfortunately, the most elegant solution to hedgehog woes is the ‘hedgehog highway’ that allows them to forage, nest and breed with greater freedom. If we spent on saving hedgehogs a fraction of what we spend on cyber security, I’m sure their lives would be safer.

 

Garrison will be present at our CISO event in Cambridge University on Thursday 4th July 2019. To learn more, contact GB Intelligence on 01633 749520 or at info@gbievents.com. 

To learn about other events like this, visit here.

Share this:
Is Your Organization Ready... CISO 18
Jun
Is Your Organization Ready...

by Brian Tuemmler, Information Governance Program Architect - Nuix

ObserveIT Blog CISO 19
Jun
ObserveIT Blog

New Ponemon Institute Study: Insider Threats Lead to Big Losses and Significant Costs

New Release: Agari Email Trust Platform CISO 21
Jun
New Release: Agari Email Trust Platform

New Agari Release Amplifies Protection Against Rise in Advanced Identity Deception Attacks

Request more information

You have missed out some details, please try again.

Your Name:
Job Title:
Company Name:
Email:
Phone:
Please answer the above question to prove that you are human.

©2019 Global Business Intelligence | All Rights Reserved

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies. You can find out how we use cookies here.