BAE Systems Applied Technology Intelligence FocusFeature - CCTV
Why intelligence-led penetration testing needs to be the proactive defence in every business As the cyber threat landscape evolves, so too does the need for more robust defences, as well as realistic, or ‘real-life’ testing of those defences. The increasing speed and variety of digital threats and defence mechanisms has led to the rise of threat intelligence as a specialism within the security field. In turn this has ushered in a new model for testing enterprise networks: intelligence-led penetration testing. Dr Malcolm Shore, Technical Director Australia, BAE Systems Applied Intelligence, said, “Intelligence-led penetration testing delivers information that companies can use to provide meaningful insight into how vulnerable the organisation’s network is to cyber attack, as well as the likely consequences of a successful attack. As a result, this type of testing can help business leaders make the right decisions to create a proactive defence.” “Intelligence-led penetration testing specifically mimics existing, up-to-the-minute threats, so it gives businesses a clearer picture of their risks, strengths and weaknesses. These tests involve replicating the work of sophisticated cyber criminals that threat intelligence has identified as presenting a significant risk,” Dr Shore said. “In the cyber age, security testing should be based upon rich contextualised threat intelligence, which informs and guides how the testing should be conducted, what attack methods should be simulated and where testers should focus their resources. “This method of testing provides a more structured and effective approach for companies to mitigate their cyber risk and understand the real effectiveness of the key technical security controls they have in place. “Our company in the UK recently became the first company in the world to secure Bank of England approval to deliver both threat
intelligence and penetration testing services to the UK financial services sector under the CBEST scheme. “In an environment where the amount of information being stored and processed has exploded, big data is the norm, and companies are interconnected, there are more hiding places and vulnerabilities than ever before. Keeping track of and protecting against all the relevant threats is a massive undertaking that is only going to get more complex. Businesses must evolve to an intelligence-led security programme or risk being unprepared for the next wave of cyber crime,” Dr Shore said.
Public Wi-Fi networks a threat to your businesses’ data Recent announcements around free and open public Wi-Fi being rolled out in towns and cities across Australia is great news for consumers, but may expose businesses and their employees to data breaches if companies don’t protect against it, says Rajiv Shah, General Manager, Australia for BAE Systems Applied Intelligence. As it becomes more common for employees to BYOD (Bring Your Own Device) and for businesses to allow employees to use their own devices to connect to corporate networks, associated security risks to the enterprise are also increasing. Organisations that fail to protect themselves against these risks and secure their information may be putting company data into the hands of cyber criminals. Dr Rajiv Shah, said: “When users access unencrypted networks, attackers can easily hijack the session and not only gather all sorts of sensitive information, including passwords, but also potentially inject malicious code to compromise the device.” “This makes everything on the device vulnerable – including any corporate data. If an employee then connects a compromised device to the corporate network this can be a backdoor route to let a determined criminal mount an even wider-ranging attack,” Dr Shah said. BAE Systems Applied Intelligence suggests
WHITE PAPER - THE DATA LAKE - READY TO TAKE THE PLUNGE? We live in a time of uncertainty for the traditional Enterprise Data Warehouse (EDW).
www.baesystems.com/ai
three steps for businesses to protect their corporate networks: 1) Implement and enforce a strong security policy. Organisations should conduct a prioritised assessment of the risk that any mobile device, whether company owned or BYOD represents and develop a clear policy explaining how employees should use devices and setting out the security measures to protect information. Properly thought-through security will provide benefits to employees without unnecessarily impacting on the use of their personal devices. 2) Educate employees. Businesses must educate employees about the risks of using their own devices and prioritising convenience over security. An obvious step would be education about the risks of using open, unencrypted Wi-Fi connections. This is one part of getting employees to care about security and understanding that they have an important role to play in keeping the organisation’s cyber security risk to a minimum. 3) Implement appropriate security controls. Traditional mobile device management solutions will go some way to protecting companies, but there is much more that businesses can do. Businesses should install a multi-layered security model that includes device configuration and management, appropriate secure connection methods, on-network content filtering solutions, and ongoing monitoring of corporate networks. For example, an appropriately encrypted VPN service could be used on untrusted networks. This can be combined with a global, cloudbased security solution that can scan the content and source the destination address by using specialised detection methods which block security threats and unacceptable content. “Companies need to consider appropriate security measures to protect against cyber criminals accessing their information and networks through activities staff may think are seemingly harmless,” Dr Shah said.
WHITE PAPER - 5 STEPS TO IMPROVED OPERATIONAL SECURITY In the modern world, for many of us working to tackle cyber crime, the goal of building effective operational security is not only to be able to identify, investigate and re-mediate cyber attacks and crimes conducted in cyber space which impact on the real world, but to prevent such attacks from occurring in the first place.
Australian Security Magazine | 13