Help is on hand for newcomers to data security
The Institute for Critical Infrastructure Technology has warned that the days of security theatre i.e. the practice of investing in countermeasures intended to provide the feeling of improved security while doing little or nothing to actually achieve it - are over.
Highly organised and hyper-evolved adversaries assault and successfully breach our virtually defenceless IoT perimeters, networks, devises and virtually anything attached to each organisation’s technical microcosm. A new standard for critical infrastructure cyber security is a mandatory prerequisite to viable defence.
SP 800-160 offers useful strategies that can raise the bar for cyber defence and can be implemented quickly and drastically minimise traditionally vulnerable attack surfaces laid siege by state sponsored APTs, hacktivists, sophisticated mercenaries and cyber jihad hackers. The threats are real - most networks are vulnerable and adversaries are consistently devising exploits that render devastating impact to targets.
The condensed review of SP 800 – 160, entitled NIST SP 800-160: For the Rest of Us - An ICIT Summary, is meant to assist those new to this arena and want to delve into the useful strategies in the original report but may be limited in comprehension of technical jargon and industry vernacular. This version does not replace the full value of the original document authored by NIST - rather it can be considered a simplified and quick reference guide in a more consolidated format for those newer to this space. The full report can be downloaded via the link below.
It’s the responsibility of every senior executive to encourage a vigilant and security centric organisational culture. It’s the responsibility of each individual to use cyber hygienic practices that thwart threat, and its absolutely necessary for security professionals to conjure the moral courage needed to speak up when optimal security mechanisms are not implemented and vulnerabilities lay wide open for adversarial exploitation. With the technologies and layering techniques so readily available, there are no longer any justifications for organisations that possess gaping vulnerabilities throughout their network. It is imperative that security professionals take time to study and apply these and other standards and strategies that will accelerate the velocity in which companies catch-up with and combat bad actors in this continuously compounding threat landscape.