Uleska recently exhibited at CyberUK 2019 in Glasgow’s Scottish Event Campus. The event highlighted the progress that needs to be made within cyber security and showcased innovative solutions currently on the market. Here are Uleska’s top five takeaways from the event.
CyberUK is the UK government’s flagship cyber security event. Hosted by the National Cyber Security Centre (NCSC), it features world-class speakers, solutions and opportunities for interaction between the public and private sectors.
The conference showcased evolving cyber threats that face the UK and how we must respond as individuals and organisations to keep cyber security one step ahead of malicious hackers.
Here are our top five security trends.
1) Many companies are in need of faster and more frequent software security checks and assurance.
In today’s software-driven climate, major companies are releasing software updates thousands of times a day. Amazon, for example, was doing a production deployment every 11.6 seconds in 2013.
Current testing to determine the weaknesses within an application can take months, and with software releases being pushed so frequently, the traditional processes simply cannot guarantee software security.
This lack of speed and frequency can lead to release and security management practices being ignored. It is akin to building skyscrapers from the same materials we used to build huts: if this continues, we can expect software to continue to fail randomly and catastrophically.
The need for faster and more frequent security testing has also been linked to the skills gap within cyber.
Gillian Arnott, International Communications and Marketing Manager, and Nick Chaffey, Chief Executive UK and Europe for Northrop Grumman, asked how we are going to meet the government target of filling 1.2m new technical roles.
Through engaging, educating and enthusing a new generation of cyber security practitioners, they are confident that they can capture new ability to push for innovative ways to test faster and more frequently.
2) Automation and orchestration of software security is moving from industry advisories, such as Gartner and Forrester, into everyday practice by industry.
Last year, for example, Gartner advised that by 2020, 15 per cent of organisations with five or more IT security professionals will be using automation and orchestration tools for security testing.
This advice has already started to work its way into best practices and many are taking the ASTO approach to security testing.
Speaking at CyberUK, Colin Slater, Cyber Security Partner at PwC, backed up the view that these practices are coming to fruition in everyday use. He spoke about automation and orchestration services letting organisations hunt the threats they need to focus on, not just the alerts.
3) Consulting organisations servicing the public sector are being asked to innovate around their services, due to pressures on time, scope, and pricing.
The public sector faces a multitude of pressures, not least the financial challenge of shrinking budgets and increased expectations of service users.
Due to the speed of software development, the increasing scope of vulnerabilities and the expense of traditional security testing, security companies serving the public sector are having to change the way they approach security testing and operations.
4) Regulatory concerns, in terms of breach fines, continue to be the largest driving factor in the procurement of cyber security services. However, with more and more public sector initiatives involving software, the scale of this challenge is growing fast.
If a data breach doesn’t kill your business, the fine might.
Breaches and the associated fines have a massive negative impact on a company’s customer base, particularly if the breach involved sensitive data.
This fine-driven fear has prompted numerous organisations to obtain cyber security resources. However, these organisations are starting to see the scale of security that is now needed, given the vast number of initiatives involving software.
5) The NCSC advisories on Cloud First and the 14 principles of Cloud Security are proving to be strong advisories, and public sector departments are able to use them in their procurement and evaluation discussions.
Everyone wants to know that their information is safe and secure and businesses have legal obligations to keep client data secure.
Two of the NCSC’s most senior researchers into cloud usage outlined some of the biggest threats that come with using the cloud. Their talk outlined some of the 14 principles in greater detail and presented the latest thoughts on IaaS vs. “serverless” technologies.
NCSC’s 14 principles include the likes of a governance framework, identity and authentication, and secure development.
This advisory list details the context for the 14 Cloud Security Principles, including their goals and technical implementation, which means that any level of personnel in an organisation can understand the framework that needs to be in place for safer cloud security.