03 January 2018
The issue of cyber security was one of the major stories of 2017. Firms are investing more than ever to try and protect their clients and businesses from increasingly sophisticated attacks – but when, where and how to invest against an evolving and invisible threat is a question many boards are unsure how to answer. Daniel Ng, CEO of CyberOwl spoke to Enterprise to outline why a dynamic approach to cyber security is the most effective way to maintain defences.
Engaging the cyber problem
Traditional cyber security relies on static protection methods. In practice, this means that companies make a best guess of their risks and vulnerabilities, and then try to put in defences based on that best guess. In reality, as soon as they’ve finished building defences against those initial threats, attackers have already moved on and are finding different ways of getting into their businesses.
Static approaches are incredibly archaic: not only do you end up in a situation where your defences don’t match your threat profile, but you’re also either entirely unprotected against those threats, or have totally overspent or both. Budgeting for cyber security is an interesting question for any Chief Information Security Officer: “how much budget should I request for cyber security?” If you have no idea what threats you’re facing, that number is actually pretty arbitrary.
Building a dynamic response system
What if, as an alternative, you could have up- to-date awareness of what your threat level is? With this knowledge, you could tune your defences up and down dynamically - based on real-time information.
The idea is to match your resources spend to the threats that you face. What CyberOwl aims to do is fulfil that paradigm: giving people access to a dynamic, proactive defence.
Broadly, contemporary approaches to cyber security focus on three areas: