When is IT not IT? When it’s IT security, of course.
That was the message from the CSO website this week. They explained how having IT is not enough anymore and that businesses need a separate IT security team.
They succinctly pointed out that as awareness of cyber security has increased in recent years, it has more often than not been incorrectly lumped in as another responsibility for IT. Comparing the relationship between IT and cybersecurity to that of police officers and firefighters, they highlight that there is a complementary relationship, but that they are distinctly different professions requiring different training. For example, you wouldn’t expect a police officer to show up at a house fire alone, just like you wouldn’t expect a firefighter to show up at an armed robbery alone.
The main aim of a cyber security professional, as CSO explained, is to secure a business’s proprietary and confidential data and to ensure compliance. It’s not about ensuring connectivity and uptime or installing equipment; that’s down to IT.
Where they do come together is during a cyber incident, such as a ransomware attack. In this scenario, the security team will identify the threat severity, contain the affected machines, and identify the specific data compromised. They will then run forensics and conduct an investigation, even after the company is back to running ‘as normal’. Ultimately a company needs both teams, which will depend and rely on each other.
In the event of an attack, when both IT and cyber security teams are working together, would you ever expect somebody to suggest that they ‘strike back’? It’s an interesting idea, and one that the website The Atlantic talked about.
Most cyber-attacks, once technically resolved within a business, are left to the slow, plodding, over-worked, under-resourced, jurisdiction-bound law-enforcement agencies (their words, not mine) to investigate and shut down, or to bring the perpetrators to justice. But could the tech firms, with their wealth of resources and expertise, in theory and if allowed, do a better job? Would it be ethical for companies to be allowed to go outside the boundaries of their own networks and crash the servers that are attacking them, or delete data that has been stolen from them off their adversaries’ machines?
The concept of ‘active defence’ has been sloshing around the cyber security blogs and forums for a while, but legislation prevents it from being anything other than a concept. Added to which, many cybersecurity experts, as the article states, think this is a bad idea. But is now the time, as cyber-attacks happen almost constantly and companies are losing vast sums of money and data, to reconsider this?
I have to agree with the masses that this is a bad idea, because what if a post-hack, offensive-action attack was wrong? Or was even used irresponsibly? It would start to become even more difficult to distinguish between the good guys and the bad guys! Would we enter the dark realms of cyber ‘friendly fire’, where an unsuspecting company was taken down by an organisation incorrectly striking back?
Perhaps that’s a topic of conversation that both the IT team and the cyber security team can chat about the next time they get together!
For links to all these stories and more, or to contribute some comments, join us by searching for the National Cyber Skills Centre on our social channels of Facebook, LinkedIn and Twitter, or just click the relevant links from our website.