NC May-Jun 2022

More documents

Recommendations

Info

OPINION: CYBER RESILIENCE STRENGTHENING THE UK'S CYBERSECURITY RESILIENCE NEW LAWS ARE BEING PROPOSED BY THE UK GOVERNMENT TO DRIVE SECURITY STANDARDS IN OUTSOURCED IT SERVICES USED BY ALMOST ALL UK BUSINESSES The proposed laws come in the wake of recent high profile cyber attacks targeting SolarWinds and Microsoft Exchange Servers, which highlighted vulnerabilities in third-party products and services which can be exploited by cybercriminals. Mike Foster, Channel Manager, VIPRE explains how these laws will affect the channel market and help to strengthen the country's cyber resilience, with MSPs taking on a more important trusted advisor role than ever before. THE ROLE OF THE TRUSTED ADVISOR Since 2018, Network and Information Systems (NIS) Regulations have been in force to improve the cybersecurity of companies which provide essential services, such as water, energy, transport, healthcare and digital infrastructure. These regulations require such businesses to undertake risk assessments, put in place reasonable security measures to protect their network, and report any significant incidents whilst having plans in place to recover if an attack occurs. Those who fail to implement effective cybersecurity measures can be fined as much as £17 million. However, the government now wants to widen the list of companies that comply with such measures to include Managed Service Providers (MSPs). With more businesses undergoing digital transformations and shifting to the cloud, which was accelerated over the pandemic as a means to survive, there has been an increase in dependence on MSPs to act as a business' trusted advisor to assist them on their digital journey. These IT partners are also crucial in boosting the growth of the country's £150.6 billion digital sector, and therefore play a monumental role in the economy. Outsourced IT services should create a solid cyber security strategy for the businesses who choose them. Security standards should therefore be high - especially to battle the ever-developing and innovative cybersecurity market, with new methodology and tactics constantly evolving from hackers. As highlighted in the Government's recent announcement: "Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online. Additionally, outsourced IT providers have the 28 NETWORKcomputing MAY/JUNE 2022 @NCMagAndAwards WWW.NETWORKCOMPUTING.CO.UK
OPINION: CYBER RESILIENCE knowledge, skills and solutions for businesses to benefit from and leverage to keep their data, networks and users safe. By partnering with an established MSP who can act as an external security partner to help businesses achieve cyber resilience, the pressure and responsibility of defending the business against cyber threats will lay with the expert. This creates a unique opportunity for MSPs to guide customers on their cybersecurity journey and ensure they are receiving relevant education and have the right technology and tools in place to protect their businesses. By identifying the gaps in their cyber needs, or allowing an MSP to make these judgments, a strong infrastructure can be built upon the business' existing setup. REPORTING INCIDENTS AND DAMAGE LIMITATION Other published proposals include improving the way organisations report cybersecurity incidents and reforming legislation so that it is more flexible and can react to the speed of technological change. This is specifically timely due to the increase in ransomware attacks, particularly during the peak of COVID-19, which saw twice as many ransomware attacks occur - taking advantage of remote workers being away from the help of IT teams, and of the businesses that pay the ransom fee, such as in the Colonial Pipeline attack, where the cybercriminal group DarkSide were paid nearly $5m (£3.6m) in ransom. If a ransomware attack were to take place, it is important that the organisation works with local authorities to try to rectify the issue and follow their guidance. Often, many ransomware attacks go unreported - and this is where a lot of criminal power lies. Prevention is always better than cure, and damage limitation and containment are important right from the outset. Most organisations should have a detailed disaster recovery plan in place and if they don't, they should rectify this immediately. The key to every disaster recovery plan is backups. Once the breach has been contained, businesses can get back up and running quickly and relatively easily, allowing for maximum business continuity. As soon as the main threat has passed, it is recommended that all organisations conduct a full retrospective audit, ideally without blame or scapegoats, and share their findings and steps taken with the world. Full disclosure is helpful - not only for customer, client or patient reassurances, but also for other organisations to understand how they can prevent an attack of this type being successful again. EQUIPPING BUSINESSES ON THEIR CYBERSECURITY JOURNEY The UK Cyber Security Council, which regulates the cybersecurity profession, also needs powers to raise the bar and create a set of agreed qualifications and certifications so those working in cybersecurity can prove they are properly equipped to protect businesses online. With security breaches showing no signs of slowing down, MSPs must be constantly vigilant and develop cyber resilience approaches that go beyond deploying security solutions. This means having not only the market-leading technology available, but also the technical expertise to support business security plans and growth. MSPs must take a proactive role in understanding the current state of a customer's ability to protect against, prevent and respond to modern cyber threats when recommending the best approaches to true cyber resilience. Have they engaged in phishing penetration testing? Is sending an email to the wrong person an embarrassing mistake or a data breach? Are they using a layered and dedicated security approach or settling for security as part of a broader 'cloud services' package? These are just some of the key questions MSPs should be asking when they look to fulfil their trusted advisor role. CONCLUSION MSPs have privileged access to their client's networks and systems, potentially enabling attackers to attack a wide range of organisations through a single breach. This is why it's of the utmost importance for all outsourced IT providers to understand the role they play in keeping business data secure, while also educating their customers on how to become more cyber resilient. Combining MSP knowledge and expertise with government-backed credentials should surely be a winning formula for the IT security industry and enable MSPs to prove to their clients they have what it takes to keep their businesses secure. NC WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards MAY/JUNE 2022 NETWORKcomputing 29
Page 1: NETWORKcomputing I N F O R M A T I
Page 4: CONTENTS CONTENTS M A Y / J U N E 2
Page 7 and 8: INDUSTRY NEWS The Council, which ha
Page 9 and 10: PRODUCT REVIEW TREND Networks LanTE
Page 11 and 12: PLEASE VOTE NOW Many thanks to ever
Page 13 and 14: FEATURE: ZERO TRUST important facto
Page 15 and 16: FEATURE: ZERO TRUST A BETTER NETWOR
Page 17 and 18: PRODUCT REVIEW CloudCall - The CRM
Page 19 and 20: FEATURE: PUBLIC SECTOR IoT IoT: THE
Page 21 and 22: FEATURE: PUBLIC SECTOR IoT investme
Page 23 and 24: FEATURE: CLOUD SECURING THE NEW HYB
Page 25 and 26: FEATURE: CLOUD So what's going on?
Page 27: PRODUCT REVIEW Progress WhatsUp Gol
Page 31 and 32: PRODUCT REVIEW Fluke Networks Fiber
Page 33 and 34: OPINION: DATA CENTRES but also allo
Page 36: SUPERMICRO Edge Building Blocks Acc

NC May-Jun 2022

Create successful ePaper yourself

Delete template?

Save as template?