
Wednesday, 01 March 2017 02:31



...and what this means for your Cyber Security...

The days are getting shorter and the nights are getting longer, and as happens every year, the number of burglary offences will (unfortunately) be on the rise again. The reason is obvious: burglars use the cover of darkness to move around without being seen. I imagine you're wondering why I am talking about this in our Cyber Security Blog. Quite simply, because we can transfer a lot of what happens in the event of a break-in and the subsequent criminal investigations (hopefully leading to the arrest of the perpetrator) into cyber security.

Doors and locks work well – but even so, there are incidents and cyber attacks

It is not true to say that the victims of a burglary have been careless. Doors and windows are carefully locked when leaving the house or the apartment; if necessary the openings are even fitted with a lockable handle or security film, and yet the burglar can still break in silently. And this is exactly what happens day in, day out, with cyber attacks too. In the past, ICT security walls have been made higher and higher, but they barely interrupt the progress of a professional attacker. He will find the ways in and the means to reach his desired goal. This is why rapid detection and reaction are increasingly important these days, as well as simple protection. But I don't want to frighten you, quite the opposite! I want to encourage you to go one step further with your cyber security strategy and, for your own protection, devote more attention to the areas of intrusion detection and response.

Detection & Response – what we can learn from a break-in

Back to our analogy with a break-in: When it comes to burglar detection, we increasingly rely on technical assistance such as alarm systems, video surveillance and motion detectors, etc. But people are also extremely important – watchful neighbours or a police patrol. Once the alarm system has gone off, things have to move quickly. The police will do everything they can to catch the culprit in the act. If this doesn't succeed, the specialists in forensics and tracing will come in. With all the small pieces of the puzzle, the police then (hopefully) succeed in arresting the burglar, recovering the loot and so minimizing the damage to the victim.

Why only experts are good enough

It’s exactly the same with cyber security: detection solutions and analysts' skill and experience are needed when it comes to detecting a cyber attack. If they detect a security incident, a team of experts (CSIRT) is deployed. This team does everything it can, using appropriate means, to minimize the extent and damage. Just as with a burglary, a security incident should be handled by genuine experts. After all, you would be sceptical if traffic policemen were used to search for clues instead of detectives or forensic experts!

5 Functions – 360° coverage for your cyber security

Of course, it is essential to expand targeted measures to defend against cyber attacks. I am convinced that just focusing on preventive measures is clearly an insufficient response. A systematic security strategy that takes into account risk management, information protection, detection and response to security incidents as well as recovery and optimization is the be-all and end-all of a successful cyber security strategy. Incidentally, this is also what the NIST Cyber Security Framework stipulates and what FINMA, for example, requires of Swiss financial service providers. In fact, you are already familiar with the principle. It's similar to the procedure we've always used in the event of a home burglary. In one of our recent blog posts, we explained this to you graphically, including an information diagram for you to download free of charge.

NIST Cyber Security Framework in brief:

IDENTIFY: The identification of risk and the associated threat potential is one of the most important prerequisites for being able to define effective measures in the sphere of cyber security.

PROTECT: This is the "traditional" part of IT security, i.e. the protection of confidential information and critical systems, as well as making staff aware of the issues involved.

DETECT: Traditional security systems have their limits when it comes to detecting advanced attacks and zero-day exploits. The aim here is to detect cyber attacks as quickly as possible, in order to minimize their scale.

RESPOND: As well as detecting attacks, it is crucial to have proven experts who can react swiftly and professionally. With standardized processes in accordance with SANS, you are guaranteed to have normal operations restored promptly.


RECOVER: After an attack, the "modus operandi" must be re-established in every company. In addition to this, important conclusions for the future must be drawn from every incident, in order to optimize long-term security.

Last modified on Wednesday, 22 May 2019 12:23
