
Keeping threats at bay: choosing the right cybersecurity consultancy
Whichever industry you happen to work in, the cybersecurity requirements that fit the job are going to be intrinsically specific. Even the working environments of marketplace competitors will be sufficiently different to warrant a careful choice of data protection supplier.
You may be in charge of digital protection of a US$100 million oil refinery, or CSO of a string of urban healthcare facilities. But while the underlying precepts of cybersecurity remain the same, the specific threats, available attack vectors, consequences and best amelioration methods will differ wildly.
The stereotypical white hat protection expert may be a pasty young man dressed inappropriately for the office (such figures will figure somewhere in the mix!), but choosing a consultant for your industry-specific data protection policies isn’t a simple process. Here are some issues we feel you could bear in mind:
Accreditation – a good start, but…
Recognition of the acceptable standards which form an accreditation level takes significant time. There needs to be a widespread consultation process between academics, experts and industry practitioners, plus draft publications, feedback, amends, steering committee formulation, and so forth.
While this process creates standards on which, for instance, human life may depend – ISO 45001 for example – accredited standards in cybersecurity cannot, by definition, be the be-all-and-end-all of a consultancy resumé.
Why? Hackers change their tactics daily. Pieces of terminology in cybersecurity describe this paradigm well – zero-day exploits, for example. So, while accreditation in cybersecurity is valuable when choosing among suppliers, it should be regarded as the badge of a minimum level of attainment – more of a proof of commitment to the process of protection than a guarantee of safety for its clients.
Certifications from Juniper, Cisco, and Check Point are available, but the incisive CSO knows that even the most secure systems are as prone to attack and compromise as any other.
Industry specifics
Some elements of basic IT infrastructure are usually the same in every workplace & industry. Connections between LANs, edge computing facilities, the cloud, secure tunnels between internal nodes – underpinnings such as these are industry-agnostic.
But the essential technologies which run today’s enterprises are as various as organizations themselves. The internet of things (IoT) devices in heavy industry such as manufacturing will be significantly different from the smart devices deployed by a branch of federal government, for example.
It is important to use a consultant or supplier who knows your industry’s specific requirements, potential defects and risk points – the importance of domain expertise should guide your decisions as to your choice of cybersecurity contractor.
Internal teams can, therefore, have some advantage over external providers – domain expertise being part of teams’ resumés – but third parties bring a broader knowledge of hacking, penetration, and exfiltration which adds value. Plus, of course, a third party brings objectivity, a fresh eye, and experience from similar organizations in the same sector.
OT, not IT
Operational technology (OT) is a distinction worth making from IT (information technology), as it refers to specific deployments which run an organization, equip its personnel and manage its physical plant or systems.
In the power industry, for example, OT would include distributed control systems (DCS), and telemetry devices monitoring distribution networks – right the way down to individual suburbs’ power lines. OT is often legacy equipment which has run operations for years, often since before the age of digitization.
A cybersecurity consultant and supplier should be aware of the OT situation in your industry. This might be an awareness of the latest specific iterations of a product’s capabilities or a way to approach a newly-discovered loophole in an older phalanx of industry-specific sensors, monitors or controllers. In some industries, recommended system architecture blueprints exist, and updates to OT can follow a recommended practice.
Legacy systems which may present high scores on risk assessments could be business-critical, and therefore a knowledge of appropriate threat mitigation measures is a must. Insights of value come from OT combined with IT nous, and an appreciation of business priorities.
Training
While your organization may be committed to using an outsourced cybersecurity provision, the advantages of retaining at least a core in-house IT security team are numerous. Company-specific knowledge is garnered most effectively by long immersion in the workplace culture and environment, so developing your internal team – however small or large – helps create a pro-active raft of data protection policies.
Ideally, therefore, a cybersecurity consultancy should be able to offer training to your organization, specific to the industry but more importantly, tailored to the company’s needs, now and in the future.
Hidden agendas
The larger names in cybersecurity will undoubtedly attract some of the best emerging talent in data protection. Those providers are in a position to offer cutting-edge advice and solutions, but there may be a catch.
Consultants affiliated with (or directly employed by) specific hardware & software manufacturers will almost invariably find that the “best” solution for your organization is supplied by their company.
And while that may be a very good fit, the suspicion of bias will always remain. An independent consultative body might not be able to offer the type of discounts on an overall solution their competitors can, but at least you can be more confident in the suitability of any portfolio.
Devil in the discovery
In cybersecurity, the speed of reaction is paramount. Isolating problems, solving them and being first to implement proactive barriers and measures against the next wave of attacks; these are the hallmarks of the gold standard in data protection.
However, the assessment, data gathering, consultation and preparation phase in your facility should take a remarkably long time, and form the majority of the total process. A good craftsman measures three times and cuts once.
The ongoing nature of cybersecurity means that there is a significant alteration of protection and amelioration methods as time passes, but the scoping phase of your cybersecurity deployment should be deep, insightful and take into consideration the practical realities of the organization as well as its overall business aims.
Be prepared for a long haul – any consultant who promises a quick fix may be just trying to make a quick buck!
With these considerations in mind, we at Tech Wire Asia would like to draw your attention to the following three suppliers of industry-specific cybersecurity technologies.
SCHNEIDER ELECTRIC
This industry heavyweight offers a cybersecurity portfolio according to what it calls the life-cycle method. Specifically, this is a process of:
- Assess: risks, skill gaps, staff competencies, malpractice – and emergency response provisions existing, or otherwise.
- Design: systems architecture design, according to accepted practices & standards.
- Implementation: centralized management, malware protection, backup & encryption, network monitoring, IoT protection.
- Monitor: on-going threat detection, ensuring continuous and effective operations.
- Maintenance: continuous review and update – powered by Schneider’s global threat intelligence center’s activities, plus academic research and supplier knowledge bases.
- Training: basic through highly advanced levels of training, specially customized for internal teams. Imparting a security-first mentality, leading to swift threat response – in a business continuity framework.
Schneider’s history and extensive portfolio of services right across large industry enable it to bring to the table experience with specific reference points based on practical measures & solutions. The global heavyweight’s expertise in industries like mining, power, manufacturing, and healthcare informs its cybersecurity provisions, making any deployment highly tuned to a specific vertical.
Schneider’s cybersecurity consultation and provision facilities are platform-agnostic, with no particular cyber threat management technology favored – the teams are free to pick and choose from whichever products they see as the best fit. Products are often selected to complement the existing enterprise security model, or one that aligns with existing investments in operational technology and capital requirements.
The company’s size and knowledge provide a dynamic ecosystem of platforms and partnerships from which its clients can draw: this is the power of massed knowledge applied to your security provision.
SYMANTEC
Symantec leverages its strong relationships with global consultancy firms and system integrators to provide its clients with a broad range of data protection and cybersecurity technologies.
The company, something of a household name in both business and consumer markets, helps you develop appropriate strategies and measures to route your organization towards so-called Industry 4.0. This term is best summarized in cybersecurity terms as acceptance of protective technology into traditionally manual or non-tech industries, such as the factory floor or utility installations.
Symantec offers incident and breach response plan development, which includes public relations and crisis management, expert witness and litigation support – absolutely key in today’s PR-obsessed world.
The US-based company offers endpoint security as part of a wider range of security options which encompass most areas of technology in the enterprise. Its cybersecurity offerings protect virtual machines and embedded OSes, such as those found in network devices (routers, switches, etc.), IoT deployments in industry, as well as “traditional” computer protection across OSes.
Symantec’s marketing materials invoke this year’s buzz phrase of machine-learning – a flavor of artificial intelligence. Suspect files approaching the network wherever it exists across the enterprise are virtualized and “run” before any payload can be deployed. This practical preventative measure is one which protects much of the modern organization’s overall infrastructure.
Symantec’s intelligence network is described as “the world’s largest civilian threat network,” and currently oversees 179 million endpoints (devices of any variety) across 160 countries.
PALO ALTO NETWORKS
Palo Alto Networks technologies protect against data theft, malware, and damage to reputation with several specific solutions aimed at different points in the enterprise, each seen as a potential way in which malware may be used.
The company’s breadth of expertise and experience extends from the network gateway (with technologies like firewalls), across the enterprise’s infrastructure & endpoints, and up to cloud provisions. Security offerings include protection at layers 4 and 7 (the application layer), plus, via its WildFire product, mitigation against zero-day attacks.
According to Gartner, by 2019 around 80 percent of web-oriented network traffic will be encrypted, so decryption will become increasingly important to ascertain threat levels – hackers’ activities will use encryption as camouflage. Palo Alto’s consultative division has published widely on best practices for decryption, addressing many of the Forward Trust certificate-related issues affecting the modern enterprise.
The company’s founders are largely credited with inventing the concept of stateful firewalling, and its rapid rise to public flotation only a few years after its startup is confirmation of the regard in which the company is held.
Any consultation process should seriously consider Palo Alto for its firewalling technologies – and the company’s remit is expanding, thanks at least in part to an aggressive acquisition strategy.
*Some of the companies featured in this article are commercial partners of Tech Wire Asia