Spotlight on cyber security as a science

Blog post -

Spotlight on cyber security as a science

Ollie Whitehouse, global CTO at NCC Group

When you consider the history of cyber security – which stretches back to around 60 years – it’s perhaps not surprising that it’s not yet widely seen as a science. While it is ubiquitous in our everyday lives, today’s cyber security practices remain at the same stage of maturity as medical practices were in the early Middle Ages.

In 2019, we explored an evidence-based approach to cyber resilience and how a such approaches are emerging. Two years later, we’re seeing further traction in the cyber security community – here, as part of our Spotlight on... series, we share some thoughts on what’s needed to establish cyber security as a science.

Putting research into practice

As the capabilities and understanding of the global cyber security community expand – in line with the sophistication of techniques employed by threat actors – we will see a more evidence-based approach to cyber resilience. This more rigorous approach will be driven by various factors spanning governments, academia, insurers and the end-user buying community looking to understand return-on-investment.

In practice, this will mean a move away from solely vendor attestation as to solution efficacy. Instead, we will transition to a world where evidence is provided of efficacy in real-world operating conditions, against realistic threat scenarios and the associated costs, caveats and similar considerations.

For example, in the wake of the WannaCry and NotPetya attacks, many of our clients were concerned about the impact of such large-scale attacks. One CEO asked us what would happen if their company was hit by NotPetya – so our team sought to find out.

By launching a re-engineered and augmented NotPetya into their environment over the course of eight months and measuring the organisation’s resilience and response capabilities, we were able to quantify the potential impact and show in the real-world what worked and what did not. Being able to accurately measure the effectiveness of different strategies is crucial to the future evidence-based world.


What does the future hold?

With increasingly sophisticated environments, continuous integration pipelines and design experiments, the cyber security industry’s ability to deliver evidence-based advice will only grow. Measurement is key, and with these tools and models of working in place, organisations will be able to understand which solutions are working well and make any improvements on a continuous basis.

When armed with this knowledge, businesses can not only increase their own resilience, but make better strategic decisions. A threat intelligence-informed approach – particularly when it’s tailored to an individual organisation – ultimately empowers business leaders to understand their unique threat profile and make better decisions to remain secure amidst a changing threat landscape.

Subjects

Categories

Contacts

NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7976234970

Related content

Cyber attack at wastewater treatment facility. Shutterstock: Royalty-free stock photo ID: 1488059408

Insight: Florida city’s water supply attack

Last week officials in a Florida City said that hackers had accessed its water supply and upped sodium hydroxide levels to extremely dangerous levels. NCC Group’s Damon Small and Jim McKenney take us through what happened and share recommendations on what organisations can do to help prevent such attacks.

Royalty-free stock illustration ID: 1120901096

Integrated Review: the UK’s future as a cyber power

The UK government has released its Integrated Review of Security, Defence, Development and Foreign Policy, which sets out a framework for policy in the coming years that will help shape the nation’s position on the global stage. Our global CTO, Ollie Whitehouse reacts to this news.

Shutterstock: Royalty-free stock illustration ID: 1408742921

Ransoms and beyond

As attackers take advantage of the recent rapid digital transformation and move to remote working, Managing Security Consultant, Kenneth Yu, takes a look at some of the most commonly exploited services for ransomware attacks.

Royalty-free stock photo ID: 1798108846

So you want to work in cyber security?

There are many different types of jobs in cyber security. In this blog, Sourya Biswas, Technical Director here at NCC Group, gives some pointers for the different areas people may want to consider when thinking of a career in cyber security.

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom
NCC Group customer website
NCC Group corporate website
NCC Group Cyberstore