Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/925007
www.vanguardcanada.com DECEMBER 2017/JANUARY 2018 29 er walls, but the risk is that you become complacent and forget that attackers can still tunnel under or poison food and wa- ter stores to spread virus and disease. There is another problem with living in a castle with high walls and closed doors: you have not only made access difficult for your enemies, but for your friends as well. Getting comfortable with intruders Perimeter protection has value, but is not the be-all and end-all. However, the ma- jority of people invest their time in anti- virus and firewalls. Anti-virus software may clear 60 to 70 per cent of the junk, but you have to remember that there is a likelihood that there are cracks in the firewall that can be used to get in, un- less you cut your network off from the outside world entirely, and even then you can't be sure! Organizations should operate on the assumption that their firewall has been breached and that there are people already inside the network who should not be there. So, then you must ask, what needs to be true for you to be "comfortable" with uninvited guests inside your net- work? Firstly, you need to be able to detect, contain and remove malicious software, or malware, as rapidly as possible. Sec- ondly, if uninvited guests are still inside then you need to ensure that they can't steal any information or that what they can exfiltrate is worthless, which is where digital rights management has a signifi- cant part to play. When developing a cyber defence strat- egy, remember the castle metaphor and don't let high walls lull you into a false sense of security. The most important thing is not whether a network has been breached, it's whether you can protect what is most important – the organiza- tion's 'crown jewels' – its data and infor- mation. To be successful, organizations should develop multiple approaches in- cluding planning, strengthening internal protections, training employees, as well as guarding the perimeter. Given that most security breaches are caused by human error or omission, it makes sense to include a robust train- ing program for employees that provides the tools to mitigate security risks. One important technical step is to improve security for devices on your network, known as end-points, as these are often You can build higher walls, but the risk is that you become complacent and forget that attack- ers can still tunnel under or poison food and water stores to spread virus and disease. the weakest link in security and are usually operated by employees. In planning a cyber defence, assume the castle walls will be breached and plan for it. Mike Stone is KPMG's Global Head of Technology Transformation for Infra- structure, Government and Healthcare. He served as an officer in the British Army for 28 years and has worked as Chief Digital Information Officer for the UK Ministry of Defence as well as Presi- dent of Service Design and Chief Infor- mation Officer for BT Global Services. This is the first in a series by Mike Stone on Cyber Defence in Depth, with future ar- ticles discussing specific areas of work. cybersecurity