A LEADING cybersecurity expert will urge Scottish businesses to switch the focus of how they approach security threats to match the dexterity shown by cyber attackers.
The call from Rick Hemsley, managing director of Accenture Security, will come at the third Scot-Secure conference in Edinburgh tomorrow, which will be looking at raising security across business sectors.
It comes after an Accenture Global Security Report highlighted “an astounding level of breaches”.
Hemsley’s workshop will focus on changing how organisations think about protecting their most valuable assets, moving from the traditional approach of resisting attacks to how detect, respond and recover.
He told The National: “For a long time organisations have adopted a similar model where they try to protect the perimeter, resist attack and put a lot of effort into doing the same thing over and over again with the newest, latest greatest technology, and ultimately it’s not succeeding.
“There’s a need to move the paradigm on. The hackers change their models, move on and come up with different strategies and tactics.
“An apt analogy is the Italian rugby team against the English where they didn’t play by the model England were expecting them to, and that’s the same as a cyber attacker – they are not going to do what you want them to do.
“Fundamentally you have to be more agile and look at the problem in a different way and that’s why organisations have to move from a model where they passively resist and try to repel attacks to one where there’s a slight degree of acceptance that it’s not if, but when someone succeeds and gets within your environment.
“Then you move quickly to detect those adversaries and ultimately recover, keep the lights on and the business running.”
Accenture’s Global Security Report last year revealed that organisations surveyed had faced more than 106 targeted attacks every year, and that around a third were successful.
Research also found that 75 per cent of global business leaders were confident in their organisation’s cybersecurity strategies and ability to defend against an attack.
But Hemsley said the “insider” threat remained a major concern.
“A multi-disciplinary approach is needed to address it,” he said.
“Having the correct access controls in place to limit access and not let everyone roam in your network.
“Firms should have strong identity and access management in place in the environment, segregate data in sensible ways. Don’t just allow people to keep access rights forever.
“I’ve seen instances where in a very high-tech company they had a number of graduates on rotation that would take them through all the different technical departments.
“What we discovered was that the graduate would go from department A to department B and would retain the access rights from the first department and then go on to department C and be more rights would be added.”
Hemsley added: “By the end of their rotation through every function in the firm, they had rights to every single bit of data, of intellectual property that the firm had, and they didn’t need it.
“So there’s a huge risk there.”
Scot-Secure 2017 on Cybersecurity for Business is at Dynamic Earth in Edinburgh, tomorrow.
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here