WWT Chief Technology Advisor Dave Locke explains how the growing sophistication of cyber-attacks requires a more robust approach to cybersecurity in an article published in IT Financial magazine.

Published by Financial IT in the December 2018 issue:

The UK has been hit by more than 1,000 serious cyber-attacks over the past two years[1]. According to the 2018 Thales Data Threat Report, 69% of UK organisations report an overall increase in their IT security spending[2].

Governments and regulators have updated regulations and reporting frameworks in response to the evolving threats to make sure companies can prove compliance. Regulation standards such as CBEST, MIFID2 and GDPR have increased the mandate for companies to shift from annual compliance tick box activities to delivering ongoing assurance of critical systems.

Earlier this month, as part of this strategy, the UK government identified ‘operators of essential services’ that will be required to comply with the security and incident reporting requirements set out in the European Security of Network and Information Systems (NIS) Directive.

The directive requires the identified businesses and service providers to ensure their technology, data and networks are secured and cyber resilient.

This however, is easier said than done. The growing sophistication of cyber-attacks requires a more robust approach to cybersecurity. It’s becoming apparent that simply increasing spend on cybersecurity products is insufficient to combat the rising complexities of cyber-breaches.

With core business applications and their associated data being the biggest targets for bad actors, the first response by most companies is to segment their applications and impose layers of protection around each segment, denying free reign access to mission-critical applications across the network in case of a security breach in one part of the network. A properly implemented segmented environment can limit access by restricting lateral movement, which affords the enterprise a higher level of protection.

The underlying IT systems within these companies are highly complex, and whilst modernising them to provide vigorous cyber protection is not impossible, it is extremely difficult. These existing legacy systems are often decades old with occasional new features added over time, forming a complex patchwork of applications. As a result, companies typically have thousands of applications that are intertwined and interdependent.

View the full article on pages 42-43.

  • Next-generation Firewall Workshop

    WWT’s Next-generation Firewall (NGFW) Workshop can help identify and install the right firewall platform for your business.
  • Patch Management Assessment

    WWT's Patch Management Assessment evaluates and improves your organization's ability to fix bugs and other vulnerabilities in a workshop setting.
  • Security Incident Tabletop Exercise

    WWT's Security Incident Tabletop Exercise is a workshop designed to help your business improve its response to and recovery from cybersecurity events.
  • Red Hat VNF Certification

    Virtual Network Functions are critical to NFV deployments. WWT is partnering with Red Hat to validate the functionality of leading OEMs' virtualized Evolved Packet Core (vEPC) and virtualized IP Multimedia Subsystem (vIMS) solutions installed on Red Hat OpenStack Platform version 13.
  • Patch Management as a Service

    WWT created Patch Management as a Service to close the gap between knowing about vulnerabilities and actually patching them.
  • ServiceNow Automation & Orchestration Brochure

    Leverage WWT's ServiceNow Automation & Orchestration expertise to accelerate your company's ServiceNow journey. Our ITSM practice and Services Catalog of more than 50 no-touch automations can help you get the most out of this exciting technology.
  • WWT & Syncurity Patch Management Overview

    WWT and the Syncurity IR-FlowSOAR platform solve the patch management challenge with a comprehensive solution that delivers rapid response and reduced cyber risk.
  • Host-based Segmentation Pilot

    Implement segmentation protection with a host-based pilot capability and demonstrate success in 90 days.
  • Integrated Endpoint Security Architecture Federal Overview

    For most organizations, the ability to demonstrate compliance to an assessment program directly correlates to the maturity of their cyber security program. Learn more about WWT’s approach to integrated endpoint security architecture for our federal customers.
  • Integrated Endpoint Security Architecture Commercial Overview

    Endpoint security must be part of an overall security architecture and strategy. If all the areas referenced in this paper are addressed and integrated within an environment, the result will be a level of protection that far exceeds anything a single point product can provide.
  • Professional Services Security Overview

    Our Professional Services architects can help to overcome the challenges of securing an organization’s infrastructure through network discovery, a security assessment and penetration testing.
  • Brownfield Modernization Demonstration Brochure

    To make brownfield modernization real for our customers and partners, we integrated an external Ethernet card into a 2004 six-axis Mitsubishi robotic arm.