Amar Singh, CEO and co-founder of Cyber Management Alliance, industry influencer and cyber security specialist, and Chair of ISACA’s UK Security Advisory Group, recently discussed with Cylance his reasons behind his belief that “Good Enough just isn’t Good Enough” when it comes to data security.
Amar says the root cause of the issue is around budgets. Most people when talking of Ransomware has this belief that it won’t happen to me so good enough is acceptable. But the Wannacry attack and recent shadow brokers releases are going to reinforce the message that just having a free or a 'good enough' approach is not really good enough to prevent an attack.
Detection and response are really important, says Amar, but you still have to focus on prevention. Historically, prevention has always been ‘how do we do the bare minimum?’ Wannacry was the wake-up call. Shadow brokers are going to release more stuff, which means businesses, governments and organisations are going to be hit again. We cannot any longer say it’s good enough; it isn’t. For Amar, it’s got to be a risk-based approach but he warns that it’s going to take a lot of investment in prevention also.
Apart from regular virus awareness education, one of the biggest changes Amar sees is culture change. Unless culture change within a business or organisation comes from the top and leading downwards, nothing is going to change. You can have all the tools you want but if no one is aware that the CEO takes cyber security seriously, the rest of the business isn’t going to take it seriously either. It’s only when something like Wannacry hits, then suddenly everyone is ‘running around like headless chickens’.
Instead of over-complicating it, we have to look at the three pillars – prevention, detection and response. It’s important to take a step back and look at basic cyber security hygiene. Whilst most businesses and organisations claim to have the basic controls in place, such as an anti-virus solution, they may not have switched on all its features. Part of the issue with compliance is ‘have you ticked the box?’ So, even if they do have a product, have they gone back to the vendor and asked ‘am I utilizing your product to its maximum value?’ Amar confirms that vendors are more than willing to help but it’s up to the customer to ask the question; how can we improve the product? How can we make sure that the operations team can run the product?
Well, says Amar, Wannacry hopefully made the reality hit home that mass infection is a possibility. Until Wannacry, mass infection was always considered an unlikely event. It’s been a wake-up call and sadly Amar believes going to see more of these types of mass infections.
When businesses acknowledge that they could be impacted, and they probably will be impacted, then they can prevent, detect and respond; not just detect and respond, but actually good, workable prevention, detection and response.
View Amar Singh’s interview in full and gather further insights into cyber security.