Top 3 Cybersecurity Framework and Standards

Audio Transcript

quickly some steps to embrace thisstandards and frameworks such as uh iecsix to four four three and zero trustagain these are important parametersbecause in again in our discussions withuh csos cyber security leaders and youknowcyber security teams across geographiesthis is something that came out to usthat what really is that we need tobenchmark ourselves against what reallyare the metrics that we need to orrather what really are the standards andmandates that we need to look at if weneed to scale ourselves up from a cybersecurity perspective at an institutionlevel or at a team level for that matterso some of the factors we haveyou know identified there as for themandate like for instance for this csfwe can look at a cyber resilience modelagain it has many elements to it likeidentify product detect etcetera and allthat but this resilience model again uhhas to be evolved uh in uh you know inconjugation with every othercyber security priority that you alreadyidentified so it cannot be a standalonesort of amodel uh which is built ground upwithout taking into account yourexisting cyber security realities andthe threat and well envelope that issurrounding your existing operationsautomating executive level reportingvery important again it all points uhthe the easier it is to make uh you knowthe easier it is to channel reporting orrather ensure that the reporting is muchmore streamlined and smooth it takes alot of burden away from your secondschemes and other teams involved insecuring your organization so for thenextframework this is a very important stepagain uh we have to definitely ensurethat you know the reporting is somethingthat is not a uh an end game so to speakbut it’s it’s something which is a youknow very important step in uh the nextin the next few steps of your journeytowards becoming a very cyber resilientuh organizationso defense in depth as far as iec 6043is concerned it has many elements uh itcan be a webinar by itself and we havedone a couple of webinars on that in thepast we will definitely guide youtowards those but here again the mostimportant thing is that networkisolation asset isolation and ensuringthat you know um access for outside orexternal fact external sort of you knowenvironments oragents which are not authorized are notallowed that’s an important factor hereto note which is what we’ve seen in somany cases of 40 breacheswhere we’ve seen thatthesepredictors were able to scanthese environments and these ports andactually they were able to injectmalware directly because these portsconnected to ot networks were actuallyaccessible from outside so that is veryimportant for iac six to four for threein summary and no except again criticalinfrastructure protection which a lot ofyou have already subscribed to i’m sureyou’re working on it plan and practicecyber incident responses again we cannotyou know at any point underestimate theimportance of tabletop exercises becausethat is an important step that you cantake no matter how what the scale of theexercise is you can stillplan and practice your response mentionsbecause we’ve seen like in a lot ofinstances the fumbling happens in theincident response part of it uh we areseeing businesses who have shut downtheir entire operations because theywere not able to actually understandwhich part of their networks wereaffected uh to begin with so if yourinstant response and your initial umsort of you knowapproach to actually handling an eventis streamlined then lot of things canwork well for you and you can actuallycontain the attack even if you know youhave not really been able to detect itvery early so we say monitor and disableunused portslimit removablemedia you know security patches passwordmanagement again basic cyber hygiene iwouldn’t want to delve into those butwhat really comes out here is that uhyou know despite these being mandatedacross you know different regulationsand also within organizations as part oftheir cyber security protocols and theirgovernance models so we say we’re stillseeing you know these steps not beenfollowed diligently so at least ifyou’re looking at nuts these are thingsthat you need to still do developmentdocument baseline configurations ensurethat you know what really is going on inyour network and the topology and theenvironment and everything that reallyis uh 14you know your infrastructure becauseright now what we have seen isespecially in the utility segment forinstance you know there are devicesrunning which happen which are vintage1990s 1980s they’re no longer patched noone knows what it’s doing there you knowall they know is if they remove it somepart of the operation might come to astandstill for instance you know sothese are not things that we can livewith or we should be living with shouldreally know what really is theenvironment all about and the baselineconfiguration should be clear from allperspectives be it operational uh uhfrom an impact perspective or be it fromalong term perspective in terms ofunderstanding if an event happens whatreally is it that will beimpacted

Download your free copy of the global threat landscape report

2021 Cybersecurity market evolution

 

Watch more