NETSCOUT comments on guidelines

A key focus of the Government’s new Code of Practice on cybersecurity governance is making sure companies have detailed plans in place to respond to and recover from cyberattacks.  With the increasing need for business leaders to address strengthen their defences from cyberthreats, we talk to Darren Anstee, Chief Technology Officer for Security, NETSCOUT (www.netscout.com) about the importance of threat intelligence and the best practices which business leader must now adopt if they are to improve their cyber resilience.

“As the UK government’s Code of Practice on cybersecurity governance lays out, business leaders must prioritize cyberthreats as a major business risk.  This is imperative given the rate of change in the threat landscape, and the effect a successful attack can have on an organisation’s business continuity and reputation.”

“The Code of Practice doesn’t call out specific types of cyberthreats, but any risk management or incident handling processes must be broad enough.  The Code does mention the need to identify key areas such as important processes, data and services that are critical to a business – but – we must remember that there are many different types of cyberthreats which target these.  Each type may have different risks associated with it, and incident handling will also vary.
 
“Assessing the recommendations listed in the Code of Practice, there is no reference to the importance of working with other organizations or sharing of data.  Unfortunately, the bad actors out there are very good at sharing tools and techniques – organizations should follow suit, working with one another, or via industry and government institutions that can facilitate communications.”
 
“The importance of an incident handling plan cannot be overestimated, but testing should take place quarterly, or at worst every half year.  Given the rate of change in every business today, testing annually is more likely to focus on where the plan is out-dated, rather than creating familiarity and optimizing processes, which are just as important.”
 
“In terms of implementing and using cybersecurity platforms, there are several best practices business leaders need to adhere to.  First, it is imperative for all enterprises to have an overall security strategy, broad enough to cover proactive risk identification and qualification, technology selection, and intelligence sourcing and use.  Secondly, the technologies selected should provide consistent visibility across the enterprise, removing blind spots at internal or external borders, and facilitating consistency through the detection, investigation, remediation, forensics, and reporting workflow.  And, lastly, the whole ecosystem should be as integrated as possible to reduce operational overhead and accelerate response.”
 
“By monitoring global cyber threats and understanding the tactics employed by attackers, businesses can anticipate potential cyberattacks and proactively strengthen their defences.”