From Compliance to Resilience: Strengthening Cybersecurity in a Changing Threat Landscape
4tech Software
Adrian
In today’s fast-paced digital world, cyber threats are increasing at an alarming rate. From data theft to ransomware attacks and disruption of service, the changing cybersecurity landscape is posing challenges for organizations worldwide. The days of NonStop security by obscurity are gone as organizations look to establish an enterprise-wide approach to cybersecurity. The traditional approach of ticking boxes for compliance is no longer enough to protect sensitive data and ensure the continuity of business operations. Instead, a more proactive and comprehensive approach towards cybersecurity is required, one that emphasizes cyber resilience.
In his latest blog post published to the 4tech web site, Greg Swedosh, CTO, 4tech Software, provides a detailed analysis of what it means to build defences that can withstand today’s attacks on the systems we depend on in support of our mission-critical applications. “This article aims to provide insights into cyber resilience for the HPE NonStop server environment and the need to move beyond mere compliance to establish a strong cybersecurity setup that can withstand cyber-attacks,” said Greg. To read the post in full, follow this link to the 4tech web site: https://www.4tech.software/cybersecurity
Greg’s post takes a much deeper dive into many aspects of cyber security, which is an incentive to read it in full. “Cyber resilience can be defined as the ability of an organization to maintain essential business operations, quickly recover from cyber-attacks, and adapt to changes in the cybersecurity landscape,” said Greg. “It is a holistic approach that goes beyond compliance and focuses on identifying vulnerabilities, mitigating risks, and enhancing the overall security posture. Cyber resilience requires a combination of technical controls, policies, procedures, and human resources that work together to reduce the likelihood and impact of cyber incidents.”
The need for defence in depth:
Defence in depth is a layered security approach that involves using multiple security measures to protect an organization’s systems and data, and it is vital in the steps towards cyber resilience. It means that instead of relying on a single security solution, a range of measures are used to increase the overall security posture. Each layer provides an additional level of protection, and if one layer fails, the next one can prevent or minimize the impact of the attack. Defence in depth security helps to ensure that if an attack occurs, the organization is better able to detect and respond to the threat, reducing the likelihood of a successful attack.
The following should all be considered a vital part of your security regime:
- Strong authentication – controlling who can access your systems is obviously crucial and so the first point to address is making sure that anybody trying to access the system is challenged strongly to ensure that they are authorized.
- Strong access controls to system and data objects – Safeguard should be configured to deny access to any files or subvolumes for any userid that does not specifically need it.
- Encryption or tokenization of sensitive data – All sensitive data should be tokenized or encrypted. PCI DSS requirement 3.4 states that sensitive cardholder data must be protected in this manner, but to this point in time many organizations have achieved compliance by using compensating controls to “satisfy” this requirement. With the PCI DSS 4.0 move away from compensating controls, as well as the availability of intercept technology and format preserving tokenization to enable implementation with no application or database changes, organizations should look at moving towards fully complying with this requirement to protect their data. HPE Tokenator can be used to fully protect your sensitive data.
- Data leak prevention – Early detection is key, so an automated tool that detects and alerts when any sensitive data appears on your systems in unauthorized locations should be considered.
- “Off box” security logging and real-time security alerting – All security related logs should be shipped off the NonStop to a SIEM device, which can be done using standard XMA … It is imperative that there is strong liaison between the NonStop knowledgeable employees and those responsible for the SIEM to ensure that appropriate security events are alerted upon to ensure early detection of any potential misuse.
To read further insights on these points as well as on the full list provided by Greg, you will need to turn to his post.
In summary, NonStop users have traditionally often had an “it couldn’t happen on our platform” approach. But could it? Remote working has increased the risk of insider attacks due to a lack of oversight, access to company data and, in some cases, inadequate security measures. It is certainly technically possible for somebody to encrypt key parts of your system if they have inappropriate access. Telling an internal security team that is trying to put enterprise-wide countermeasures in place that “yes, it is technically possible on the NonStop, but we don’t think it will happen to us” is not really going to fly anymore.
In response to the growing threat of cyber-attacks, the European Union has introduced the Digital Operational Resilience Act (DORA). DORA aims to ensure that the financial sector has a sound cyber resilience framework, covering both the technology and the human aspect of cyber risks. It requires financial institutions to identify and map their IT systems, assess the cyber risks they face, and establish a robust incident response plan. The aim is to minimize the impact of any potential cyber breach by early detection and fast recovery. Other nations are likely to follow with similar regulations.
Cyber resilience is the ability of an organization to prepare for, respond to, and recover from cyber-attacks while maintaining the confidentiality, integrity, and availability of its systems and data. It involves a proactive approach to cybersecurity, focusing not only on preventing attacks but also on detecting and mitigating them quickly to minimize their impact.
Should you be looking for more information on 4tech Software products to strengthen cyber resilience, then look for our presence at further NonStop community events in 2023 or reach out to us directly by turning to our contact page on the 4tech Software web site:
https://www.4tech.software/contact-us