WWT Chief Technology Advisor Dave Locke explains how the growing sophistication of cyber-attacks requires a more robust approach to cybersecurity in an article published in IT Financial magazine.

Published by Financial IT in the December 2018 issue:

The UK has been hit by more than 1,000 serious cyber-attacks over the past two years[1]. According to the 2018 Thales Data Threat Report, 69% of UK organisations report an overall increase in their IT security spending[2].

Governments and regulators have updated regulations and reporting frameworks in response to the evolving threats to make sure companies can prove compliance. Regulation standards such as CBEST, MIFID2 and GDPR have increased the mandate for companies to shift from annual compliance tick box activities to delivering ongoing assurance of critical systems.

Earlier this month, as part of this strategy, the UK government identified ‘operators of essential services’ that will be required to comply with the security and incident reporting requirements set out in the European Security of Network and Information Systems (NIS) Directive.

The directive requires the identified businesses and service providers to ensure their technology, data and networks are secured and cyber resilient.

This however, is easier said than done. The growing sophistication of cyber-attacks requires a more robust approach to cybersecurity. It’s becoming apparent that simply increasing spend on cybersecurity products is insufficient to combat the rising complexities of cyber-breaches.

With core business applications and their associated data being the biggest targets for bad actors, the first response by most companies is to segment their applications and impose layers of protection around each segment, denying free reign access to mission-critical applications across the network in case of a security breach in one part of the network. A properly implemented segmented environment can limit access by restricting lateral movement, which affords the enterprise a higher level of protection.

The underlying IT systems within these companies are highly complex, and whilst modernising them to provide vigorous cyber protection is not impossible, it is extremely difficult. These existing legacy systems are often decades old with occasional new features added over time, forming a complex patchwork of applications. As a result, companies typically have thousands of applications that are intertwined and interdependent.

View the full article on pages 42-43.

  • WWT & Syncurity Patch Management Overview

    WWT and the Syncurity IR-FlowSOAR platform solve the patch management challenge with a comprehensive solution that delivers rapid response and reduced cyber risk.
  • Business Insight Support System Overview

    Software tools that deal with network security can run on many disparate applications. WWT developed a Business Insight Support System that ties output from software solutions into one web-based portal, functioning as a single touch point for all network security data.
  • Host-based Segmentation Pilot

    Implement segmentation protection with a host-based pilot capability and demonstrate success in 90 days.
  • Integrated Endpoint Security Architecture Federal Overview

    For most organizations, the ability to demonstrate compliance to an assessment program directly correlates to the maturity of their cyber security program. Learn more about WWT’s approach to integrated endpoint security architecture for our federal customers.
  • Integrated Endpoint Security Architecture Commercial Overview

    Endpoint security must be part of an overall security architecture and strategy. If all the areas referenced in this paper are addressed and integrated within an environment, the result will be a level of protection that far exceeds anything a single point product can provide.
  • Professional Services Security Overview

    Our Professional Services architects can help to overcome the challenges of securing an organization’s infrastructure through network discovery, a security assessment and penetration testing.
  • Brownfield Modernization Demonstration Brochure

    To make brownfield modernization real for our customers and partners, we integrated an external Ethernet card into a 2004 six-axis Mitsubishi robotic arm.
  • Mobile Field Kit Overview

    WWT’s Mobile Field Kit is a fixed or portable threat monitoring system that can be used to secure the perimeter of the places of interest.
  • ASL Pair Programming

    Numerous studies have shown that Pair Programming improves productivity and design quality with minimal economic impact to the customer.
  • Splunk Appliance for IT Operational Intelligence

    Through operational intelligence, Splunk helps organizations detect potential problems and decrease response time to meet DCOI compliance.
  • Identity and Access Management

    Organizations understand that providing users with secure access can be challenging and strenuous. Identity and Access Management (IAM) is an enterprise program that focuses on ensuring that authorized people and devices have the appropriate access at the right time.
  • WWT Security Practice

    Explore WWT's approach to defending against cyber threats.