28 DECEMBER 2017/JANUARY 2018 www.vanguardcanada.com
F
or business and government,
cyber security is the new arms
race. We defend, and the ene-
my counters. We respond, and
so do they. The cycle escalates
in perpetuity.
A strong cyber defence is an integral
part of good IT operations. Operate and
defend are effectively two sides of the
same coin and a denial of service (DDoS)
attack is still an attack whether it comes
from an external source, or as a result of
an error from your own IT department.
You need to be able to respond to both
effectively and have a clear understanding
of the routes, or attack vectors, through
which the breach occurred. Whether it's
a malicious attack or an error, you'll need
the same business continuity and disaster
recovery plans and capabilities in place.
To truly understand the potential attack
vectors, you first need to have total vis-
ibility of all the assets on your network
and their current status. As part of the
process, you will need to evaluate the
network paths across all systems and tele-
com carriers. While asset classification and
identification are among the less glamor-
ous aspects of information security, they
are as essential to it as they are to good
IT operations.
The disturbing fact is that very few or-
ganizations have such a detailed under-
standing of their networks. Bad guys get
in because they get to know your network
a lot better than you do. They discover
vulnerabilities and press at those points
like a hot knife through butter.
To my mind, the safest approach is to
assume that you have been compromised
and work on what needs to be done to ad-
dress this. I call this approach Cyber De-
fence in Depth.
Defending in depth
Cyber Defence in Depth is a proactive
posture that uses multiple methods at dif-
ferent layers to protect IT systems against
attacks. People tend to think of cyber
protection primarily in terms of perimeter
protection, such as a firewall, but forget
about the other layers, which are equally
if not more important. A medieval castle
is a helpful metaphor: you can build high-
CYBER DEFENCE
IN DEPTh:
high walls alone won't defend
the castle
BY MIKE SToNE
