by Dominik Bart 03.04.23
Operations in cybersecurity are a simple concept. Operations in business refers to everything a company does to carry out its objective. Yet, in order to do that, the business must also safeguard the assets required to achieve its objectives, and that's where cybersecurity comes into play.
Cybersecurity operations are the organisational activities required to secure the total company — and, in particular, its information assets — against cybersecurity threats. Internet information and resources need to be protected.
Protecting the organization's information, websites, databases, business processes, and communications is the primary objective of cybersecurity operations. In order to achieve this, they keep an eye on both internal and external activities on the network in order to spot any potential dangers or malicious conduct.
As a result of new technologies and shifting consumer needs, numerous networks grew, leaving cybersecurity without a centralised blueprint to follow. The disruption caused by the internet made it imperative for businesses to strengthen their security operations and assemble them under one roof. Companies were forced to examine their security architecture more closely as a result of the volume of alarms produced by intrusion detection/prevention systems, firewalls, and other systems.
Companies were concerned not just that alerts weren't being examined due to a lack of educated personnel, but also that the volume of alerts was simply too high for prompt diagnosis. Organizations were frightened of what they didn't understand in terms of threat monitoring.
Outsourcing or internal development are the two options available to these firms for building security operations centre (SOC) capabilities. Monitoring network alarms is an acceptable technique to outsource cybersecurity tasks. Outsourcing cybersecurity operations essentially entails signing a contract with a managed security service provider to have them examine network alarms for any harmful activity. Those that are not malicious are discarded by the MSSP, while those that might actually be damaging are reported.
Outsourcing Pros:
Trained personnel: Having experienced personnel immediately available saves an organisation the time and expense of hiring and training the dedicated people needed to do the analysis.
Infrastructure: The MSSP (managed security service provider) already has the facilities and tools required to do the job, saving more time and the upfront expense of building out an Internal SOC
Continuous threat monitoring: MSSPs should provide SIEM capabilities that filter false alerts so forensics are only conducted on legitimate threats. This proactive and continuous threat hunting and monitoring may be difficult for a company’s cybersecurity team to conduct on its own.
Planning ahead: Outsourcing cybersecurity operations can provide security analysis capabilities while an organisation builds its own in-house SOC.
Outsourcing Cons:
How much analysis is the MSSP going to provide? Outsourcing cybersecurity operation functions does not usually provide features such as multi-tier analysis of alerts or an incident response service. Instead, many outsourced cybersecurity operations only provide the equivalent of a Level 1 cybersecurity operations analysis.
What happens to alerts that the MSSP cannot clear? The MSSP may only be able to analyse a subset of alert logs generated by an organisation. Alerts from certain applications such as databases and web applications may be outside of its area of expertise. If the MSSP is also a tools or hardware vendor, it may only be able to analyse logs from its own products.
Detailed analysis of potential threats: An organisation still needs some internal analysis capabilities to deal with the smaller number of alerts that cannot be easily cleared by the MSSP and thus returned to the client.
Compliance management: The SOC must operate in compliance with the regulations and standards that the company must conform with. The MSSP should provide templates for required and recommended compliance processes and consider regulatory standards when developing vulnerability assessments for the company.
In-House SOC Pros:
Tailors the operation to meet demand: Design the security operations and monitoring capabilities that best meet the organisation's requirements.
On-site storage: Storing event log data internally lessens the risks that come with the external data transfer required to report security incidents.
Improves communication: Breach transparency and coordinating incident response are typically much easier and faster when the processes are conducted in-house.
Builds a unified security strategy: An in-house cybersecurity operations centre can be the foundation for a comprehensive security, threat and incident response capability.
In-House SOC Cons:
Planning and implementation: The time required to get an in-house cybersecurity operations centre up and running can easily be a year and is likely longer. CISOs and other security personnel will face a significant time investment in planning and implementing the SOC.
Costs: Establishing an in-house SOC requires a significant budget, with upfront IT and personnel investment.
Finding good personnel: Hiring people who have the right skills, training and experience, or developing and training existing in-house staff, can be time-consuming and expensive.
Acquiring multiple security technologies: Continuous threat detection and compliance monitoring across several departments likely will require purchasing several AI-driven security tools. This may be out of reach for security departments budget-wise, especially in smaller organisations.
The best course of action for many firms, as with many cybersecurity decisions, is to strike the perfect balance between managing the cybersecurity operations function internally and outsourcing it to an MSSP.
Using the speed that outsourcing offers while the company develops its own cybersecurity operations is a fair alternative, especially for businesses that want to construct an internal cybersecurity operations unit. The company can benefit from the qualified, experienced people that an MSSP has available while building the services that it wishes to offer on its own by outsourcing at least some of the cybersecurity services that are now required.
At Franklin Fitch, we are aware that information security is becoming increasingly mainstream and we've got it covered. We routinely monitor this ever-changing environment of InfoSec and it's no surprise that the demand for talent in this area is at an all-time high. Contact one of our team members today if you're looking to hire into your security team, as we cover the main areas of focus in terms of our technical expertise and experience.
by Martin Rennison 26.10.22
Ransomware is one of the biggest cybersecurity issues on the Internet and one of the biggest forms of cybercrime facing businesses today. It involves the creation of malicious software that encrypts files and documents on a PC up to an entire network and its servers. Those affected are left with few options: They can either pay a ransom to get their encrypted files back, restore the data from their backups, or hope that they can decrypt them themselves.
Ransomware attacks start very quickly, sometimes with nothing more than someone in an organization clicking on a seemingly innocuous attachment, which then encrypts the system's files. Much larger ransomware campaigns, however, use exploits for software vulnerabilities to access files. The attackers secretly scan the network until they control as much of it as possible before encrypting all the data they can.
Some attackers also publicly announce that they are holding corporate data hostage. They even publish the data on the Internet until the company pays the ransom to get it back. Because of the simplicity and multitude of these incidents, ransomware is now considered the most immediate cybersecurity threat to businesses and a problem that needs to be taken more seriously.
How did ransomware evolve?
Early ransomware was a relatively simple construct, using a simple code that mainly changed the names of files, making it easy to defeat. However, this evolved into a new form of cybercrime that slowly developed into advanced code that targeted corporate networks and ordinary Internet users. One of the most successful types of ransomware at the time was police ransomware, which attempted to extort victims by claiming that the PC had been encrypted by law enforcement. This way, victims were supposed to be tricked into paying the ransom, thinking that it was the police who demanded the ransom. Meanwhile, they were actually criminals who took advantage of innocent people. However, at that time, their systems were not that good, and users could simply restart their computers, after which the message disappeared. However, criminals have learned from this approach, and most ransomware programs now use advanced cryptography to truly lock down a PC or network and the files on it.
How much will a ransomware attack cost you?
The immediate costs associated with ransomware depend on the hackers themselves. But after those initial costs, which can run into the millions, money is also lost if the company can't do business. Every day, perhaps even every hour, revenue can be lost if the network is unavailable. If the company decides not to pay a ransom, hiring a security company would also incur additional costs. In some cases, these costs may be even higher than the ransom demand, but companies would rather give their money to security companies than to criminals. There is also a risk that customers will lose trust in the company due to poor cybersecurity and look elsewhere.
Why are small businesses targeted by ransomware?
Smaller businesses are more likely to be targeted because they tend to have poorer cybersecurity practices than larger organizations. Many people believe that because they are so small, they are less likely to be targeted. However, for cybercriminals, any money they can capture is good money.
What do Bitcoin and other cryptocurrencies have to do with the rise of ransomware?
The rise of cryptocurrencies like Bitcoin has increased the activity of cybercriminals, as they can use this type of malware to receive payments secretly. This way, there is no risk of authorities identifying the perpetrators. Many cybercriminal ransomware groups even offer "customer services" to teach victims how to use cryptocurrencies. This is because many victims do not know how to transfer the ransom to the perpetrator. Some companies even hoard some cryptocurrencies in case they get infected and need to pay quickly in Bitcoin to get their files back.
How can you prevent a ransomware attack?
Most hackers start by exploiting insecure Internet ports and remote desktop protocols. Therefore, one of the most important measures an organization can take to prevent this is to ensure that ports are not opened to the Internet if they are not necessary. However, if they are necessary, the company should ensure that they are protected with complex credentials. Applying multifactor authentication to these accounts can also serve as a barrier against attacks. Ensuring that the network is updated with the latest security updates should also be done, as hackers will attack commonly known vulnerabilities. Employees should also be trained on how to recognize attacks via email, as many attacks target employees who don't know any better. Antivirus software can also be downloaded to the PC to avoid potentially malicious files.
Ransomware and the Internet of Things
As much as the Internet of Things improves connectivity, it has a bad reputation when it comes to security. As more and more of this type of technology comes to market, it also creates more attack opportunities for cybercriminals. This can lead to hackers taking your connected home or even your connected car hostage. The shocking thing is that even medical devices can be hacked, putting human lives at direct risk. There are also constant warnings that the growth of smart cities could be tempting for cyber attackers.
Because ransomware is constantly evolving, it's vital that your employees understand the threat it poses and that organizations do everything they can to avoid infection. This is because ransomware can be crippling and decryption is not always possible.
In the ever-changing world of InfoSec, Franklin Fitch ensures that the main areas of focus are covered in terms of our technical expertise and experience.
by Jamie Fitzgerald 19.10.22
Looking for a career in cybersecurity? Well, you’re in demand - provided you get in there before the robots do.
According to Jamie Fitzgerald, Cybersecurity Business Manager at Franklin Fitch, the majority of small and medium-sized businesses are wholly underprepared for the threat of a cyberattack, exposing themselves to billions of pounds/euros in financial damage. Whether it’s a lack of funding or ignorance that it won’t happen to them, the need for skilled cybersecurity specialists has never been greater. Between 2013 and 2021, the number of unfilled cybersecurity jobs increased by 350%, from 1 million to 3.5 million.
"There is a distinct lack of awareness of cybersecurity in SMEs," Jamie says, adding that even if awareness existed, finding people with the necessary skills would be difficult. The cost of a data breach in the United Kingdom has increased by 8.1%, and total costs have reached a seven-year high in 2022, with the average cost to business from a cybersecurity breach being around $3.6 million. Despite these increased security threats, many businesses are not taking cybersecurity seriously enough, and their cybersecurity budgets are still being cut as we move through 2023. "It's a candidate-short market right now, particularly in cybersecurity, making it difficult to find the right people."
The potential damage from an attack is huge
Failure to implement appropriate cybersecurity measures can have a devastating financial and reputational impact on a company that is the victim of an attack. According to IBM, 68 percent of businesses are not prepared for cyber-attacks, leaving themselves vulnerable due to ignorance, a lack of funds, or an unwillingness to rock the boat by acknowledging a threat.
While allocating funds for appropriate security at a time when many businesses are cutting spending is not ideal - the average mid-sized company spends tens or even hundreds of thousands on cybersecurity - the outlay is minor in comparison to the potential damage.
Why is it so hard to fill cybersecurity roles?
So, what cybersecurity-related skills are in high demand, and how can potential specialists land the job they want while also assisting these companies in mitigating an attack?
"Candidates must be able to communicate, gain the support of stakeholders, be hungry for knowledge, and have strong technical skills," Jamie says. "A highly motivated individual is teachable: They can improve their soft and technical skills under your supervision. If you hire someone with the right mindset and foundational knowledge, they may be a better fit than a seasoned candidate with a fixed mindset and unwillingness to change."
Companies need to innovate to attract skilled workers
Jamie, who is currently hiring for a variety of cybersecurity positions in the UK, believes that companies must be willing to be more flexible in order to attract the best talent.
"The market for cybersecurity talent will likely remain tight and candidate-driven. So, you have to make the role and company appealing," Jamie believes. "You can be confident that if you do this and welcome them into a healthy culture, these new employees will deliver value and be valued for their efforts."
How can AI help?
Jamie believes that Artificial Intelligence (AI) will relieve some of the pressure on the sector in the future. "AI not only removes the human element, which is prone to risk and error, but it can also help to identify data and pinpoint potential threats," he says.
Some cybersecurity companies are already teaching AI systems to detect viruses and malware using complex algorithms, so that AI can then run pattern recognition software. AI systems can also be used to provide access to their users in situations requiring multi-factor authentication. While AI is great for processing large amounts of data and replacing autonomous manual tasks, it will never be able to replace a security analyst's insight or understanding of a problem.
In reality, jobs will change, and while some of us may end up working alongside an automated colleague, we will still be needed, albeit for different functions.
by Jamie Fitzgerald 30.09.22
Cybersecurity Awareness Month, every October, is a collaboration between the government and private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime.
The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online. Because most cybersecurity news articles are about massive data breaches and hackers, the subject can seem overwhelming and leave you feeling powerless. But Cybersecurity Awareness Month reminds everyone that there are all kinds of ways to keep your data protected. Even practicing the basics of cybersecurity can make a huge difference.
93% of company networks are now breachable by hackers, one source notes, and nearly 1 in 3 organizations say they don’t have the funding for proper cyber protection. With that in mind, any month might be a good month to be more cyber aware.
So here are tips and best practices that everyone can use to feel a little safer online, and some simple things you can do to make sure you’re protected:
Choose strong passwords and make use of a password manager rather than re-using passwords on multiple sites.
With so many essential services available through the internet today, passwords may be the only thing standing between your accounts – and the sensitive financial and personal information they contain – and cyber criminals. Because so many passwords have been exposed in data breaches, it’s vital that you don’t employ the same one for multiple accounts. Should someone intercept one account’s password, you don’t want them gaining access to others. A strong password should contain a minimum of twelve characters (though more is better) and should not be easily guessable. Because they’re even longer, passphrases offer additional security.
Consider a password manager such as the free open-source password vault KeePass. With these services, you need to remember only one strong password, which will then give you access to all your others. KeePass stores your account passwords in a strongly encrypted database.
Use two-factor or multi-factor authentication (MFA) on all of your accounts.
Implementing two- or multi-factor authentication adds a layer of protection beyond the passwords that safeguard your accounts. Once it’s set up, users need to present an additional form of identity verification before they’re granted access to accounts or online resources. This additional factor could be evidence that they have a smartphone (proof of receipt of a text message), access to an email account, a unique code or token, a fingerprint or even a retina scan. With MFA in place, even if you do fall victim to a phishing attack, there’s an extra barrier standing in the way of cyber criminals seeking to make use of compromised credentials.
Educate yourself, your co-workers, and your employees about the latest cybersecurity threats.
When it comes to cybersecurity, knowledge is power. Because attackers are always on the lookout for new ways to hoodwink potential victims, it’s critical to remain aware of the dangers associated with internet use. The better you understand the tactics criminals are currently employing to gain access to user accounts or personal and financial information, the less likely you are to be tricked.
Take phishing as an example. It used to be that these fraudulent email or text messages were rife with grammatical errors and spelling mistakes, but that’s no longer the case. Today’s most sophisticated phishing messages feature pirated logos and other branding that’s nearly impossible to distinguish from the real thing. For this reason, you should never click on a link in an email to visit a banking website. Instead, bookmark a link to what you’re certain is the authentic and trustworthy site. Many banks offer automatic alerting whenever transactions are initiated – an extra layer of protection that it’s worth enabling. In addition, it’s always a good idea to call your financial institution if you notice questionable activity in your account. Be sure to use a known phone number to reach them when you call, not one that arrived by email.
Keep software up to date.
Software vendors frequently update their products and as soon as vulnerabilities are discovered, they issue patches that fix problems that have been discovered. Some of these vulnerabilities are severe, in some cases even enabling malicious third parties to completely control someone’s computer without their knowledge. Cybercriminals are constantly scanning the internet for machines that are running older versions of software that contain vulnerabilities that can be exploited. Enabling automatic software updates is an easy way to protect yourself from these sorts of attacks. It ensures that all new patches will automatically be applied to your computer as soon as they’re released.
Use antivirus software and install a firewall
Antivirus programs and firewalls are designed to prevent malicious code from infecting your computer. This includes malware that’s arrived via infected email attachments, malicious links in email messages, and so-called “drive-by downloads” – automatic downloads initiated by compromised websites. Because antivirus and firewall technologies usually work by blocking known threats, it’s important to ensure that your software will receive automatic updates. This provides protection based on the most recent information and guards against the latest threats.
by Sonja Giesemann 28.09.22
Finally Cyberwomen could take place in person again! The event, founded in 2019 to create a platform for women in cybersecurity, took place again on September 22 this year. We are very proud to have been there again as one of the sponsors. We are even happier for our recruitment specialists Adriana Timme and Anne-Sophie Hufer, who had the opportunity to visit the conference last Thursday and exchange ideas in interesting and progressive discussions.
About 24% of cybersecurity professionals are women. While this is an improvement from 11% in 2017, there are still barriers for women looking to enter or advance in the global cybersecurity industry. In addition to the large gender gaps in cybersecurity, women are on average paid less than men in this field. In 2021, 29% of men reported making between $50,000 and $99,999, while just 17% of women reported the same amount.
Amidst all of this, the rise in cybercrime - particularly ransomware - is the number one threat for 2021. Of the ten countries with the highest ransomware cases, the US had as many attacks as the other nine countries combined. Despite the global attention cybersecurity has received in recent years, there is still a significant skills shortage.
Our consultant Anne-Sophie Hufer, who attended the conference last Thursday, explains her perspective on this topic and her experiences with Cyberwomen 2022 in general:
“It was a great event! I had a lot of fun and it was also very interesting! There were very competent cybersecurity experts like Jana Ringwald or Laura Kludas, who took part in the sales panel. In general the conference was well organized and all the speakers contributed a lot to the overall conference. I particularly liked the lectures on cyber agencies and innovation management, and the CxO panel on ransomware and its consequences. We also had the opportunity to make new friends and meet old ones. There were just so many interesting women that altogether make such a strong and inspiring group of people. From this, I learned that the presence of women in the cybersecurity industry will definitely increase in the future. Especially in Germany, where the topic of cybersecurity and women in IT is not discussed that much. But all in all, it was a great experience and I hope to be able to do it again next year!”
- Anne-Sophie Hufer, Information Security Consultant at Franklin Fitch
We are pleased that more and more women are interested in and participating in cybersecurity. This year, 240 people attended the conference, plus several people who were able to stream the conference from their homes. It is amazing to see how the event was made so inclusive and accessible, both to women who were able to attend and to those who were unable to attend in person. Our Cyber & Information Security recruiter Adriana Timme tells us more about her experiences with all the different women and participants and what Cyberwomen means to her:
“This is now my second time at Cyberwomen. Last year I attended the conference but because of COVID-19, everything was online. So I was very happy to be able to attend in person! The organization of the event was just great! The balance between panels, conferences, and time to exchange and meet new women in IT as well as the speakers were really good! I really liked the HR panel, in which exciting solutions to the shortage of skilled workers in the cyber area were discussed, because the shortage of skilled workers concerns me almost every day as a personnel consultant for cyber and information security. The speakers (Lydia L., Rebecca Z., Christine R., Anja Z., Dr. Nina G., and Anna K.) had a fascinating concept of how women work in and alongside intensive environments such as cybersecurity to have a balanced personal life. This concept of "job sharing" not only means new opportunities for recruiting but is also an exciting option for my personal development! I also liked other speakers like Katharina Maier and Jana Ringwald because they are both very talented speakers. They gave some fascinating insights into the areas of usable, information and IT security as well as law enforcement in cyberspace. But the most important thing I took away from the whole experience is that women are going to take a more prominent role in cybersecurity. It will be a long road to success, but it will come! This is also why I think Cyberwomen 2022 is such an achievement and a great opportunity to promote women in the cybersecurity industry.”
- Adriana Timme, Cyber & Information Security Business Lead at Franklin Fitch
One thing is clear: Cybersecurity needs more women. To build a strong culture of cyber resilience around the world, employers should prioritize recruiting and developing talented female cybersecurity professionals. Women working in or aspiring to a position in cybersecurity represent untapped potential when it comes to filling the growing gap in the cybersecurity workforce. This is exactly why we need conferences like Cyberwomen. Here we discuss various topics, network, and learn more about cybersecurity and why it is important to bring women into the industry!
And we've already noticed a big difference over the years! We are already excited about the increasing participation of women and the growing interest in cybersecurity. As personnel consultants in the IT sector, we see unequal distribution every day. Because of this, we are determined to balance the industry in any way we can.
by Dafydd Kevis 12.09.22
Professionals in the field of cyber security are continually defending computer systems from numerous cyber threats. Every day cyberattacks target businesses and private systems, and the diversity of attacks has expanded quickly.
Numerous factors can lead to a cyberattack. The first one is financial. An online hacker can deactivate a system and demand money to reactivate it. More advanced than ever, ransomware is a sort of software that demands payment in exchange for the return of services.
Individuals are also targets of cyber-attacks, owing to the fact that they store sensitive information on their mobile phones and use insecure public networks.
In order to strengthen cyber security, it is essential to keep track of how cyberattacks are evolving and growing. Earning an online cyber security master's degree can be very advantageous for cyber security professionals who want to increase their understanding of threats and cyber security information.
What Is the Definition of a Cybersecurity Threat?
A cyber security threat is any potentially hostile attack that aims to destroy data, obstruct online transactions, or gain unauthorized access to data. Potential cyber risks include corporate spies, hacktivists, terrorist groups, hostile nation-states, criminal gangs, lone hackers, and dissatisfied workers.
Sensitive data was exposed by several high-profile cyberattacks in recent years.
Cyber attackers can use sensitive data from an individual or a business to steal information or gain access to financial accounts, among other potentially harmful acts, which is why cyber security professionals are essential for protecting private data.
Here are the top five most common cyber threats:
1. Malware and viruses
Computer programs known as viruses attack and replicate on host systems. Infections, viruses, worms, trojans, rootkits, and other similar words are also used to refer to malware. Any application that does not belong to the user is considered malicious software. A virus is often a harmful piece of code that can harm your system if it is not removed. Your security measures ought to lessen malware attacks.
2. Theft of Identity
When someone gains unauthorised access to sensitive information, such as financial data, intellectual property, medical records, trade secrets, customer lists, or employee information, they are said to have committed data theft. Data thieves utilise social engineering techniques to con people into exposing passwords, private keys, login information, credit card numbers, and other sensitive data. The prevention of data theft mainly depends on user knowledge and education.
3. Website Hacking
Web hacking is the term for the unauthorised use of equipment and methods to attack networks or websites. Websites, software, and network infrastructure all have vulnerabilities that hackers are continuously searching for. These assaults can range from straightforward website vandalism to full server takeovers.
4. Social Engineering
Social engineering is the practice of persuading others to take actions they otherwise would not. Social engineering methods are often used by cybercriminals, ranging from simple phishing scams to more intricate plans involving malware. When engaging with unknown parties online, users should use caution, and they should never click on links without first checking their validity.
5. Cryptocurrency Mining
The process of employing computers to carry out repeated calculations (known as hashes) to validate transactions on the blockchain, which records cryptocurrency balances and transfers, is known as cryptocurrency mining. In return for processing transactions and defending the network, miners receive fresh money. In addition to maintaining the security of the network, miners also give cryptocurrency exchanges liquidity.
by Simon Nicholls 11.08.22
One of the biggest issues that organisations today must deal with is cyber risk. The Global Risks Report 2022 from the World Economic Forum demonstrates how rising digital dependence and digital transformation have increased cyber threats. However, according to the survey, cybersecurity failure is still seen as a serious short-term risk, and high-value organizations frequently experience breaches that have a major negative impact on their performance.
According to a recent Acronis report, 80% of businesses experienced a cybersecurity breach in the past year, up from 68% the year before. The high levels of danger that now exist are demonstrated by the fact that 9% of the businesses experienced at least one cyberattack every hour. This shows that businesses are becoming more open to cyber-attacks, yet most are not prepared to defend themselves in a way that keeps up with the more sophisticated attackers.
In the upcoming years, it is anticipated that the number of cyberthreats to businesses will continue to increase. Today, cybersecurity is an essential part of an organization's business plan to guarantee data privacy and prevent the expense of reacting to a cyber-attack.
Even though IT security is a vital part of a security strategy, employees are one of any organization's most vulnerable areas. Employees are on the front lines of the battle against cyber risks as a result of the focus of many cybercriminals on assaulting individuals through malware, phishing, and other scam activities.
Fostering a cybersecurity culture can outlast individual turnover and isolated occurrences and can provide a stronger front against cyber threats than any one policy or process. By integrating cybersecurity into organisational processes and practices and keeping an open conversation, you may develop a cybersecurity culture.
Be honest
Analyze the culture and determine the current state of organisational security. Recognize the strategy for dealing with audit results, the top technology and security priorities, and any metrics in place for tracking development. Additionally, be aware of behaviours that could increase risk, such as BYOD rules, international travel, unencrypted communication (such as instant messaging), data storage on personal devices, unconventional computer setups, and usage of unapproved software.
Outline the mission
Establish what constitutes security and technological achievement before settling on specifics. To make it easier to communicate, turn the mission into an "elevator pitch." When the company succeeds, it should be celebrated to reinforce the importance of security and to solidify the culture.
Win employee support
Headline-making breaches may not feel applicable to all departments. Earn employee support with department-level conversations about the impact of cyber threats to ensure staff realize the value of security and aren’t tempted to circumvent processes.
Define roles and expectations
Remove uncertainty with a thorough plan that outlines roles, objectives, and duties for departments in the event of a cyber-attack. By adding other departments, you can broaden the scope of who is responsible for promoting security outside the IT security team. Build trust that, in the event of a mistake, firm security professionals will come up with solutions, provide assistance, and avoid taking the responsibility.
Invest in training
Expect the IT department to regularly train personnel on attacks and the resulting areas to watch. Clearly express all cybersecurity policies and guidelines. A consistent onboarding programme for new hires should also be in place. These issues ought to be on the agenda:
Lean on an outside party to handle training if internal resources aren’t available.
Create a conversation
As with any culture, stories are frequently its basis. Discuss cybersecurity constantly, drawing lessons from news about the topic, and keep staff members up to date on best practices. Training sessions, forums, or newsletters can all offer regular venues for cybersecurity discussion. Encourage a question-friendly climate, and make sure staff members are aware of whom to ask. Equally crucial: check to see if the response contains a lot of jargon.
Employees with the skills and knowledge to take action will embrace personal responsibility for supporting security in an organisation with a strong cybersecurity culture. Employees may even actively defend the company as they become more aware of cybersecurity procedures thanks to this collective approach, which transforms them from risk factors to security advocates. A preventative approach will undoubtedly pay off for both individuals and corporations given the escalating costs of cybercrime.
by Simon Nicholls 28.06.22
High-profile cyberattacks, data breaches, and ransomware attacks have dominated the headlines over the past year or so, causing organizations all around the world to review their cybersecurity strategies. For organisations that do not regard cybersecurity as a business investment, the destructive effects of cyberattacks on a company's ability to operate will increase in the future.
The Gartner Security & Risk Management Summit, June 20-21 in Sydney, Australia, delivered sobering revelations about the future of cybersecurity — with the aim of helping security and risk management leaders succeed in the digital era.
Richard Addiscott, senior director analyst, and Rob McMillan, managing vice president, of Gartner, highlighted important patterns in their opening keynote talk. One of these trends was the emerging relationship between executives' performance evaluations and the capacity to handle cyber risk.
Gartner’s experts noted that almost one-third of all nations will regulate ransomware response within the next three years; and security platform consolidation will help organisations thrive in hostile environments.
“We can’t fall into old habits and try to treat everything the same as we did in the past,” Addiscott told attendees. “Most security and risk leaders now recognize that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program and our architecture.”
Gartner recommends that cybersecurity leaders build several strategic planning assumptions into their security strategies for the next two years:
1. Consumer privacy rights will be extended
Privacy regulation continues to expand and the tech analyst predicts it will be extended to cover five billion people, and more than 70% of global GDP. It said organizations should track subject rights request metrics, including cost per request and time to fulfill, to identify inefficiencies and justify accelerated automation.
2. By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access
Gartner said that with the rise of hybrid work, vendors are offering integrated services across web and cloud-application security. The benefit here is tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted.
3. Many organizations will embrace zero-trust, but fail to realize the benefits
The tech analyst predicts that by 2025, 60% of organizations will attempt to adopt zero-trust security, a concept that assumes there is no traditional 'perimeter' to the corporate network, so all devices and users have to be regularly re-authenticated. But it said more than half will fail to realize the benefits.
Replacing implicit trust with identity- and context-based, risk-appropriate trust is extremely powerful, said Gartner, but requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits. And not all companies will be successful.
4. Cybersecurity will become key to choosing business partners
Gartner predicts that 60% of organizations will use cybersecurity risk as a "primary determinant" in conducting third-party transactions and business engagements by 2025. Only 23% of organisations monitor third parties in real time for cybersecurity exposure, according to Gartner. But as a result of pressure from customers and regulators, it believes organizations will start to insist on measuring cybersecurity risk, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions.
5. Ransomware payment legislation will rise
At the moment there is little legislation around when companies can -- and can't -- pay ransomware demands. That could be about to change; Gartner predicts one in three countries will introduce such laws soon. The decision to pay the ransom or not is a business-level decision, not a security one. Gartner recommends engaging a professional incident-response team as well as law enforcement and any regulatory body before negotiating.
6. Hackers will weaponize operational technology environments to cause human casualties
Attacks on OT -- hardware and software that monitors or controls equipment, assets and processes and is often the brains behind industrial systems in factories or power grids -- have become more common and more disruptive, Gartner said, warning that threat actors will have "weaponized" operational technology environments to cause human casualties by 2025. "In operational environments, security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than information theft", according to the analyst firm.
7. Resilience will be about more than just cybersecurity
By 2025, 70% of CEOs will drive a culture of organizational resilience to deal with threats from cybercrime, but also from severe weather events, civil unrest and political instabilities, Gartner said: "With continued disruption likely, Gartner recommends that risk leaders recognize organizational resilience as a strategic imperative."
8. Cybersecurity will matter for the CEO's bonus
By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts, Gartner said. As boards now increasingly regard cybersecurity as a business risk rather than just a technical problem, accountability for cyber risk will shift from the security leader to senior business leaders, it said.
by Jasmine Ellis 20.06.22
DevOps culture and procedure are critical for enterprises to keep up with the pace of cloud-native software development, especially when code deployments happen multiple times per day. The capacity to construct, populate, and grow cloud apps and infrastructure in real time, frequently through code, allows for extraordinary agility and speed. Security, on the other hand, is frequently left in the dust when things move so swiftly.
The reality is that many businesses have yet to figure out how to effectively secure the cloud. A lack of cloud security knowledge, along with legacy security regulations that do not cover the cloud and a scarcity of cybersecurity expertise relevant to cloud systems, is a problem. And thieves are eager to exploit these flaws: according to 2021 research, nearly half of the more than 2,500 publicly disclosed cloud-related vulnerabilities were discovered in the preceding 18 months.
Security must be integrated at every level of the DevOps life cycle, also known as DevSecOps, due to the flexible nature of cloud technology. Any firm that uses the cloud must adopt a DevSecOps approach, which necessitates new security guidelines, policies, procedures, and technologies.
DevSecOps has two primary goals:
1. Secure Code
2. Speedy Delivery
Advances in IT like cloud computing, shared resources, and dynamic provisioning require application security at every stage, and DevSecOps entails the same.
The Cloud is a Vulnerable Platform
Data breaches are one of the most pressing risks for any company today. The methods employed by attackers to enter cloud settings differ from those utilised in on-premises environments. Malware attacks are rare; typically, attackers take advantage of misconfigurations and other flaws.
Another important worry is that most firms employ multi-cloud, which might result in a lack of visibility. It can lead to cloud workloads and traffic not being properly monitored, allowing attackers to exploit security flaws. DevOps teams also have a habit of giving people considerably more privileges and permissions than they require to do their jobs, which increases the risk of identity-based attacks. According to studies, roughly 80% of cyberattacks used identity-based techniques to compromise legitimate credentials.
Installing cryptominers onto a company's system is another option for attackers to profit from cloud vulnerabilities. Cryptocurrency mining necessitates a significant amount of computational power. Threat actors will employ hacked cloud accounts to carry out this operation and make as much money as possible while draining the company's resources.
Security Shifting to the Left
Protecting the cloud entails safeguarding an ever-increasing attack surface that includes everything from cloud workloads to virtual servers and other cloud-related technology. Attackers are continuously on the lookout for weak points in systems, especially susceptible cloud applications. With more organisations turning to the cloud than ever before to fulfil the needs of a remote workforce, the number of cloud apps available has grown.
Traditionally, security is applied to code as the final step before it is released. When vulnerabilities are discovered, the release is either postponed or the development team is forced to hustle to fix each security flaw while the security team scrambles to review the updates. Shifting security left for DevOps teams guarantees that vulnerable code is found as it is built rather than during the testing phase, lowering costs and resulting in secure cloud apps.
Shift-left security is a critical component of the software development life cycle, and getting it right should be a top concern. Organizations can accomplish DevSecOps and greatly reduce security issues surrounding cloud-native software and application development by incorporating security into the early phases of the development process.
Cloud security that is effective can enable DevSecOps
DevSecOps technologies and techniques can help companies develop a strong and secure cloud foundation. Cloud security requires a unified view of multi-cloud environments and constant intelligent monitoring of all cloud services. That unified visibility must be able to detect misconfigurations, vulnerabilities, and security threats while also giving developers and DevOps teams actionable insights and automated remedies.
Additionally, it's critical to have the correct security policies in place that enforce cloud security standards throughout the entire infrastructure to satisfy (or exceed) industry and government regulations. This encompasses everything from multi-factor authentication to general security best practices for all employees, as well as a robust incident response system that guarantees the organisation is ready for an attack.
Up-to-date threat intelligence, on the other hand, should always be at the heart of any good cloud security strategy. Adversaries are continuously devising new techniques to attack the cloud and looking for flaws to exploit. It's critical to have the most up-to-date information about threat actors and their techniques, and then apply it to breach detection. Threat intelligence allows security teams to anticipate attacks and properly prioritise protection, mitigation, and repair in order to avoid them. DevSecOps provides enterprises with the prevention, detection, visibility, and reaction tools they need to defeat attackers by delivering all of this functionality from and for the cloud.
by Dafydd Kevis 25.05.22
Following the European Council and Parliament's provisional agreement on networks and information systems, called NIS2, Europe has moved closer to new cybersecurity standards and reporting requirements. The new measures, first proposed by the European Commission at the end of 2020, look to boost the cyber resilience of entities across a range of sectors deemed critical for the economy and society.
NIS2 will take the place of the present Directive on the Security of Networks and Information Systems, or NIS, which was adopted in 2016. The new directive establishes tighter criteria — as well as possible consequences, such as fines – for a broader range of industries that must adhere to computer security regulations.
It also aims to minimise "significant differences" in risk management and security reporting requirements among EU member states by adopting uniform criteria for assessing, reporting, and taking action to mitigate cyber risk.
The existing regulations on network and information system security (NIS Directive) were the first piece of EU-wide cybersecurity legislation, and they cleared the way for a dramatic shift in mindset, institutional, and legislative approaches to cybersecurity in many Member States. Despite their remarkable accomplishments and beneficial influence, they needed to be updated due to our society's expanding digitalisation and interconnection, as well as the increasing number of malicious cyber operations on a global scale.
To address Europe's increased vulnerability to cyber threats, the NIS2 Directive now includes medium and large entities from a wider range of sectors that are critical to the economy and society, such as providers of public electronic communications services, digital services, wastewater and waste management, critical product manufacturing, postal and courier services, and public administration, both at the national and regional levels. Given the increased security threats that occurred during the COVID-19 pandemic, it also covers the healthcare sector more widely, for example by incorporating medical equipment manufacturers. The new standards' expanded reach will help raise the level of cybersecurity in Europe in the medium and long term by effectively compelling more organisations and sectors to employ cybersecurity risk management procedures.
The NIS2 Directive also enhances the cybersecurity standards imposed on businesses, targets supply chain and supplier security, and holds top management accountable for non-compliance with cybersecurity duties. It intends to harmonise sanctions regimes across Member States by streamlining reporting responsibilities, introducing tougher monitoring measures for national authorities, as well as stricter enforcement requirements. It will aid in the sharing of information and collaboration on cyber crisis management at the national and EU levels.
NIS2 also sets up a European cybercrisis liaison organization network, dubbed EU-CyCLONe, to help manage large-scale online attacks across Europe, and also to coordinate vulnerability disclosure and increase information sharing and cooperation between government and private sector organizations. Meanwhile, companies that don't comply with the new risk management and reporting rules face fines of up to €10 million or two percent of their global annual turnover, whichever is higher.
Once adopted by the Council and European Parliament, member states will have 21 months to incorporate NIS2 into their national laws.
European Commissioners, for their part, welcomed the agreement.
"In today's cybersecurity landscape, cooperation and rapid information sharing are of paramount importance," said Thierry Breton, commissioner for the internal market, in a statement. "With the agreement of NIS2, we modernize rules to secure more critical services for society and economy. This is therefore a major step forward."
by Simon Nicholls 21.04.22
The importance of cybersecurity is increasing. Fundamentally, our society is more technologically reliant than it has ever been, and this tendency shows no signs of slowing. Technology's development and expansion have had a beneficial impact on human existence, but the ease has come at the cost of cyber-attacks. If you utilise a tech device for any reason, you're likely to be a victim of a cyber-attack.
You'll need to be secure, which is where cyber security comes into the equation. Whether you're a person, a small business, or a huge corporation, you rely on computer systems on a daily basis. When you combine this with the rise of cloud services, poor cloud service security, smartphones, and the Internet of Things (IoT), you have a slew of cybersecurity risks that didn't exist only a few decades ago.
The protection of electronic data and information is known as cyber security. It protects electronic systems on devices such as computers, phones, servers, and networks against harmful assaults. It is critical, regardless of who you are, to protect your data from unwanted access.
Cyber-security is at an all-time high, and we must all do our share to be protected. Everyone has a role to play. This does not imply that everyone should become a cybersecurity specialist; rather, we must raise awareness of the threats that your users encounter so that they are not caught off guard when they are attacked.
Here are some top, simple tips to keep yourself and your business protected against unwanted cyber attacks:
Many of your personal accounts may be accessed through your email, putting you exposed to identity theft.
Important security upgrades are included with software and app updates to help safeguard your devices from cyber criminals.
To ensure the security of your data, two-factor authentication is advised for email accounts.
Password managers can assist you in creating and remembering passwords.
With a screen lock, you can keep your smartphone and tablet safe and add an extra degree of protection to your devices.
Back up your most valuable material, such as photographs and essential papers, to an external hard drive or a cloud-based storage solution.
by Dafydd Kevis 30.03.22
The increased reliance of business on their IT functions means that the cybersecurity sector is required to evolve and grow almost on a daily basis. From single phishing attacks to nation-state attacks used in the midst of the theatre of war, the versatility required from cyber professionals and organisations has never been so imperative, especially with the constant changes in threat landscapes and business operations.
Although not conventionally correlated, the global pandemic has directly influenced complexities in developing robust security architectures. The rise in remote working and the increased preference for cloud-based approaches have brought about major shifts not just in technical advancements, but also in operations.
How has COVID influenced operational arrangements?
The position of CISO has seen advancements in many aspects, from increased salary ranges to restructured hierarchies. With cybersecurity being viewed more as a business risk as opposed to a technological risk, the role of CISO has become fundamental to every business and therefore expanded to include business continuity decisions and liaising with board members for wider business decision making.
As the cybersecurity landscape continues to evolve, the CISO becomes more central to the overall success of a business, especially considering the shift to more remote working. We have seen an increased requirement for senior cyber professionals to join organisations and begin maturing and building out their internal security functions.
What technological advancements are influencing the cybersecurity landscape?
The biggest driver of change has been the quick implementation of cloud-based services since the onset of the pandemic. This has meant that cybersecurity strategies have also required quick implementation of new and robust procedures and tools to remediate the increased variety in threats.
The increased aggregation of company data into cloud systems brings efficiency and practicality for the client; however, the provider becomes a prime target for data breaches and attacks. With the likes of IaaS and PaaS, the responsibility of securing data, user access, applications and operating systems falls under the remit of the organisations and at differing levels, requiring comprehensive plans and strategies to ensure robust security protocols. IAM and PAM requirements are prevalent in job specifications at the moment; simple access practices are no longer acceptable in environments with increased collaboration and remote access requirements.
What does the future of the cybersecurity landscape look like?
Ultimately, the cybersecurity landscape will continue to evolve and develop to coincide with the constant shifts in attack vectors. Organisations will continue to utilise the most up-to-date systems and platforms available and with this leaning more towards cloud-based computing, robust security strategies, functions and tools will become highly sought after.
There are increasing calls for more governmental regulated approaches to cybersecurity and defence, particularly due to recent events in which cyber attacks are being used in the theatre of war.
There is no doubt that cybersecurity will be at the top of corporate agendas in the post-COVID era; it will be interesting to see what innovations and transformations will come as a result of this.
by Adriana Timme 13.10.21
Cyber security is one of the fastest expanding businesses in the UK and throughout the world, with no indications of slowing down. Cyber criminals are always inventing and adapting in order to find new ways to hack, attack, and steal information online. It's a rapidly growing sector with several opportunities for individuals interested in pursuing a career in it. Cybersecurity professions, like many other technologically focused sectors, are overwhelmingly dominated by males.
The gender gap in cyber security is one that is regularly talked about.
The gender imbalance in the cyber security sector is one of the most apparent irregularities. Women make up just 11% of the worldwide cyber workforce, according to a recent survey from the Women's Society of Cyberjutsu (WSC). Women are sorely underrepresented in cyber security and often don’t see the occupation as a viable option due to a number of factors such as a lack of female role models within the industry, stereotyping and pay gaps.
Many businesses are beginning to see the value of having a gender-balanced workforce, particularly in fast-paced areas like cybersecurity. There are numerous reasons why this is an excellent career choice for women.
We've compiled a list of reasons why women might consider pursuing a career in cybersecurity:
1. Job Diversification
Cybersecurity is not confined to a single type of employment; it comprises a wide variety of positions in many areas and industries. Each area of cyber demands a unique and specialised skill set, from forensics to incident response strategy to counselling large corporations.
Working in cyber is also highly varied in terms of day-to-day responsibilities; with the environment continuously evolving, no two days are the same. Multitasking and a great aptitude for problem-solving are required to solve cyber security issues. It is, without a doubt, a fascinating industry to be a part of.
2. Flexibility
One of the greatest barriers women face in their professions is a lack of professional flexibility. Unfortunately, childcare is still primarily the responsibility of women, making strict work environments challenging for women who wish to strike a healthy work-life balance while simultaneously achieving success.
Because most of the work in cybersecurity is done online, many positions lend themselves to flexible working hours and remote work.
3. Financially Rewarding
The cyber security industry is an extremely rewarding career path, especially at the moment where this skillset is in demand. The average salary for a cyber security analyst is around £51,000, with a career in the industry leading to a salary upwards of £70,000.
4. Boost Innovation
It has been established that having a higher percentage of women in the workforce increases team productivity and creativity, both of which are critical in the cybersecurity sector. We can enhance the potential talent pool and build a stronger workforce to meet the rising cyber threat of the upcoming years if we have more women in cyber.
by Dominique Lianos 29.04.21
The shortage of cybersecurity professionals is nothing new. The unemployment rate in cybersecurity has been at 0% since 2011 – a fact unmatched by any other industry. According to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs worldwide by the end of the year, up from 1 million positions in 2014.
This issue has only been exacerbated by the pandemic. Businesses globally were forced to adopt a remote working model where employees were often working from personal PCs, laptops and phones with limited antivirus software.
According to IBM, remote working increased the average cost of a data breach by $137,000. Despite these heightened security threats, many businesses are still cutting their cybersecurity budgets as we move through 2021.
Even with the ever-growing threat of smarter and more advanced security breaches, the security industry is under-resourced to fight hackers.
What can be done to address this issue?
Upskill more people
Sounds simple, but giving people the skills needed to fill these roles is the single most effective way to close this talent gap. It’s clear that there isn’t enough talent to fill the roles needed, so businesses, organizations and educational programs need to take responsibility for training people in the skills needed.
Organizations already have the wheels in motion for this. Massachusetts-based MassCyberCenter is partnering with businesses, academia and the public sector to train new cybersecurity workers to fill the more than 9,000 vacant cybersecurity jobs.
The NYC Economic Development Corporation has launched Cyber NYC, which aims to grow the city’s cybersecurity talent pool through training and education programs.
The Cyber Innovation Center in Bossier City, Louisiana, plans to broaden its cyber skills preparation to 10 million students and 50,000 teachers in K-12 across the US – building a pipeline of young cybersecurity talent.
Build a youth movement
Encouraging and nurturing young people to become future cybersecurity experts will ultimately solve the cyber skills shortage of the future. Instilling enthusiasm and excitement around cybersecurity and STEM from an early age will organically grow a new generation of talent.
Various organizations are doing this already. Girl Scouts of the USA have joined forces with Palo Alto Networks to deliver the first-ever Girl Scout Cybersecurity badges for girls in K-12.
The National Security Agency has been educating young people in cybersecurity through their GenCyber program since 2014. The NSA’s summer camp, Camp Cryptobot, runs annual cybersecurity camps to build the next generation of cybersecurity workers.
Focusing on the impact that a cybersecurity professional can have on people, businesses and even nations can encourage young people to become invested in the industry. Framing cybersecurity as a career that helps people, does good and is morally right is something that young people in today’s world are keen to make time for.
Diversity and Inclusion
Diversity and inclusion are particularly important in the fight against skills shortages. Untapped talent pools exist that often go unnoticed in the recruitment process.
How can the cybersecurity industry tap into neurodiverse talent pools, for example? Autism affects more than one in 100 people, which represents a huge amount of talent. However, only 16% of autistic adults are in full-time employment, and of those who aren’t, 77% would like to be, according to the National Autistic Society’s research.
The lack of awareness around neurodiversity often acts as a barrier of entry for neurodiverse professionals looking to enter the cybersecurity space. Educating decision-makers in unconscious bias is one way to create a more inclusive hiring process that can open doors for unnoticed talent.
----
As recruiters in the cybersecurity space, we know too well the need for talented candidates in this space. Do you have a cybersecurity role that you’re struggling to fill? We have a pool of talent that could be the perfect fit for your role, so don’t be afraid to get in touch.
by Jamie Fitzgerald 13.10.20
October marks European Cyber Security Month (ECSM) – an annual EU campaign that promotes cybersecurity and provides accurate online security information by sharing good practices. Every year in October, hundreds of activities take place across Europe, such as conferences, workshops, training and webinars, to promote digital security.
Organisers of ECSM provide the knowledge and tools to promote the safer use of the internet for all EU citizens. Since 2012, the ECSM has reached its key priorities by bringing together parties from across Europe under the slogan ‘Cybersecurity is a Shared Responsibility’ to unite against cyber threats.
ECSM 2020 launches with the motto of ‘Think Before U Click’. The month is split into two themes – the first two weeks focus on ‘cyber scams’ and the second on ‘digital skills’.
Kicking off the month with ‘cyber scams’, this theme provided insights on current and potential cyber threats to help businesses and individuals minimise risk. COVID-19 has led to an increase in e-commerce and online payments, which hackers have used to their advantage. The key message of this theme encourages users to have a heightened awareness of cyber scams when conducting online transactions.
The second theme, ‘digital skills’, presents educational activities that inform on internet security. COVID-19 has increased the digitalisation of everyday life, which requires people to be on top of digital trends to remain safe online. The theme covers e-privacy matters such as data protection, cyber bullying and cyber stalking.
For a full list of activities occurring in your region, please check the timetable here.
written by Evangeline Hunt
by Dafydd Kevis 20.02.20
Cyber crime is impacting users across the globe. As individuals and businesses increasingly rely on internet-connected devices, malicious attackers continue to take advantage. Now, more than ever, we need to be on high alert. The UK is far from immune to the impacts of cyber crime and is feeling the effects of various threats such as ransomware attacks, data breaches, and online fraud.
The CyberEdge 2022 Cyberthreat Defense Report (CDR) provides a breadth of insight into cyber security in countries all over the world. It found that in the UK, 81.4 percent of organizations had experienced at least one cyber attack in the year prior to the study, compared to 71.1 percent in the previous annual findings.
CyberEdge also investigated the rate at which companies were hit with ransomware attacks. Well over half (73 percent) of UK organizations dealt with a ransomware attack, a 15 percent rise on the previous year.
UK organisations experienced an average of 788 weekly cyber attacks across 2022, marking a 77% increase from 2021. New figures from Check Point highlight the growing severity of cyber threats in 2022, with attacks surging by 38% compared to the previous year. The global volume of cyber attacks also reached an all-time high in the fourth quarter of the year with an average of 1,168 weekly attacks per organisation. “Cyber attacks are increasing worldwide, with 38% more cyber attacks per week on corporate networking in 2022 compared to 2021,” said Omer Dembinsky, data group manager at Check Point. “Several cyber threat trends are all happening at once.”
So, what should businesses be doing about this? Cyber security is one of our focus areas at Franklin Fitch and as a recruiter, I am frequently asked by service providers and large enterprises to find people with experience in multi-context firewalls. Quite often when I ask candidates if they have used them, the response is: “what is that?” or “I’ve never heard of it”.
For me personally, a lot of my technical knowledge is gained from in-depth conversations with my candidates about how they use a specific piece of hardware and what benefits it brings. So, if you, like me, are wondering what multi-context firewalls are, read on and find out more.
Cisco ASA supports multiple firewall contexts, also called firewall multimode or multi-context mode. Multi-context mode divides a single ASA into multiple virtual devices, also known as security contexts. Each context operates as a single device, independently from other security contexts. In routers, this is similar to Virtual Routing and Forwarding (VRF).
When would you use multiple security contexts?
A network that requires more than one ASA
A service provider that needs to offer a different security context to each customer
An enterprise that needs to provide distinct security policies for each individual department or users and require a different security context for each one
When wouldn’t you use multiple security contexts?
When VPN Services are required such as remote access or site-to-site VPN tunnels
If dynamic routing protocols are required
If QoS is needed
If multicast routing needs to be supported
If threat detection is required
Context configuration files
In multi-context mode, there are three types of configuration files:
The system configuration – a standard single-mode configuration where the network administrator adds and manages the security contexts
The admin context – no restrictions and can be used as any other security context
The context configurations/user context – for each individual security context. They contain the security policies and interface configurations specific only to that context
ASA Packet Classification
Packets are also classified differently in multi-context firewalls. In multimode configuration, it is possible for interfaces to be shared between contexts, therefore the ASA must distinguish which packets need to be sent to each context.
The ASA categorises packets based on three criteria:
Unique interfaces – 1:1 pairing with a physical link or sub-interfaces (VLAN tags)
Unique MAC addresses – shared interfaces are assigned unique virtual MAC addresses per virtual context, in order to alleviate routing issues, which complicates firewall management
NAT configuration – if the use of unique MAC addresses is disabled, then the ASA uses the mapped addresses in the NAT configuration to classify packets. This isn’t very common
In certain cases, you may need to assign a unique MAC address to a shared interface in order to alleviate routing issues, which complicates the firewall management.
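The classification order described above, modelled as an added Python example (not Cisco's code and not part of the original post). The context names, interface names, MAC and IP values are constructed, and treating an ambiguous or missing NAT match as a drop is a simplifying assumption of this model.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Context:
    name: str
    interfaces: set                                  # interfaces allocated to this context
    macs: dict = field(default_factory=dict)         # shared interface -> virtual MAC
    nat_mapped: list = field(default_factory=list)   # mapped networks from the NAT config


def classify(contexts, ingress_if, dst_mac, dst_ip):
    """Return the name of the context that receives the packet, or None if dropped."""
    candidates = [c for c in contexts if ingress_if in c.interfaces]

    # 1. Unique interface: exactly one context owns the ingress (sub-)interface.
    if len(candidates) == 1:
        return candidates[0].name

    # 2. Shared interface: match the destination MAC against per-context virtual MACs.
    for c in candidates:
        mac = c.macs.get(ingress_if)
        if mac and mac.lower() == dst_mac.lower():
            return c.name

    # 3. No MAC match: fall back to the mapped addresses in each context's NAT config.
    addr = ip_address(dst_ip)
    hits = [c.name for c in candidates
            if any(addr in ip_network(net) for net in c.nat_mapped)]

    # Assumption of this model: zero or several matches means the packet is dropped.
    return hits[0] if len(hits) == 1 else None


# Constructed sample topology: two customer contexts share the outside interface Gi0/0.
CONTEXTS = [
    Context("admin", {"Management0/0"}),
    Context("custA", {"Gi0/0", "Gi0/1.10"}, macs={"Gi0/0": "a2:00:00:00:00:01"}),
    Context("custB", {"Gi0/0", "Gi0/1.20"}, nat_mapped=["203.0.113.16/28"]),
]

if __name__ == "__main__":
    print(classify(CONTEXTS, "Gi0/1.10", "ff:ff:ff:ff:ff:ff", "10.0.0.1"))
    print(classify(CONTEXTS, "Gi0/0", "a2:00:00:00:00:01", "198.51.100.5"))
    print(classify(CONTEXTS, "Gi0/0", "a2:00:00:00:00:99", "203.0.113.20"))
    print(classify(CONTEXTS, "Gi0/0", "a2:00:00:00:00:99", "198.51.100.5"))
```

The last case shows why shared interfaces need either unique MACs or NAT coverage in every context: traffic that matches neither has no context to land in.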
Active/active failover
Multi-context mode offers active/active failover per context: a unit forwards as primary for one context and acts as secondary for another. The security contexts divide logically into failure groups, with a maximum of two failure groups. There will never be two active forwarding paths at the same time.
Important to consider
In order to change from single mode to multiple mode or back, the commands must be entered from the command line (CLI) and not via the ASDM GUI. When changing from single to multimode, the ASA will convert the running configuration into two files, creating a new system configuration file and an admin context file. The original system configuration file is not saved.
By default, all security contexts have unlimited access to the ASA resources. Depending on the environment, resource management may need to be configured to limit some contexts that may be starving other contexts. This is done by configuring resource classes and assigning them to contexts.
Final thoughts
Multimode offers advantages in certain situations, particularly for service providers or enterprises with multiple departments that require individual security policies. However, there are also limitations, and whilst the number of physical devices you manage may decrease, the complexity of those device configurations may increase. The requirements should be carefully considered before implementing the solution.
Copyright © 2019 Franklin Fitch | All rights Reserved. Designed by Venn Digital