I (Philip Fanthom, Managing Director at Jenrick IT) was lucky enough to attend a briefing on Cyber security whilst at the DSEi last week, which I found very informative. During the briefing, we were given an overview of the key areas of threat via cyber attack to both national infrastructure and to private enterprise.
The three main threat areas are:
- Service Distortion - the deliberate act to stop an online service being delivered
- Information infiltration/theft - the act of distorting or accessing information for gain
The Chatham House report
- Unknown access - where active agents have access to a system/infrastructure without any detection
(Released September 2011) gives a complete overview of; Perception of Threats, Managing cyber dependencies, Information communications, and Building a cyber secure culture.
Some of the conclusions from the report are as follows:
- Government cannot provide all the answers and guarantee national cyber security in all respects for all stakeholders. As a result, Critical National Infrastructure enterprises should seek to take on greater responsibilities and instil greater awareness across their organizations
- All organisations should look in more depth at their dependencies and vulnerabilities. Awareness and understanding of cyberspace should be 'normalised' and incorporated and embedded into standard management and business practices within and across government and the public and private sectors
- Cyber terminology should be clear and language proportionate to the threat. It should also encourage a clear distinction to be made between IT mishaps and genuine cyber attacks
- Research and investment in cyber security are essential to meeting and responding to the threat in a timely fashion. However, cyber security/protection should not be the preserve of IT departments but of senior executive boards, strategists and business leaders and it should be incorporated into all levels of an organisation.
- Jenrick IT are actively recruiting for specialists within the cyber security space at present. Current requirements include; Java Consultants, Technical Solutions Architects, Transition managers, Security Consultants (CISSP, CISA), CLAS Consultants, Infrastructure Engineers, Service Architects, Support Applications Architects.