Tackling the challenges of cyber security

Cyber security has become a pressing issue for both governments and businesses around the world. With the type, frequency and severity of cyber attacks continuing to rise, organisations must develop an effective strategy to protect consumers and citizens, as well as manage their own reputational and financial risks.

Defining a new approach to cyber security

It is clear that cyber attacks are now a very real threat, with cyber crime costing an estimated US$1 trillion per year globally.1 In its National Security Strategy, the UK government ranked cyber crime alongside terrorism as one of the country’s biggest threats. Other governments around the world are also allocating increasing resources to defend themselves against this kind of attack. Equally, surveys of business leaders show that cyber security is now among their top concerns.

Many organisations need to plan to defend against a persistent and targeted cyber attack. However, successful defence against such a threat has become much more difficult. Professional hackers are openly offering their services to businesses, criminals and dissident groups. Enthusiastic amateurs also present a realistic threat, as powerful tools that can attack cyber networks are widely available and some require very little technical knowledge to deploy. Cyber technology makes it easy for people with access to the organisation’s network to create massive disruption, whether intentionally or by mistake. While the source of many threats lies outside the organisation, disaffected insiders also present a potentially significant risk. Closing all the gaps is both impossible and expensive. Instead, the focus should be on ensuring that systems are resilient and that the organisation can respond to any threat effectively and minimise its impact. While technical defences such as antivirus software and firewalls are important, there should also be a much stronger focus on the people and organisational aspects of cyber defences as part of an integrated cyber security strategy.

Improving cyber security across the public and private sectors

Our high-profile client relies on the continuous and secure connection of its systems to the Internet in order to carry out critical business functions. It needed to ensure that future operational needs in this respect could be met, in a way that also enabled collaborative partnerships.

PA was engaged to help deliver a series of transformational changes that would allow the full spectrum of business operations to be performed by systems that could be managed and defended against advanced and persistent cyber attacks. Working closely with the client, we developed an enterprise-wide solution that provided improved techniques for managing public-facing Internet services, alongside an approach which ensured that internal systems presented a moving target to potential attackers. This design substantially increases the cost and difficulty of mounting attacks while, at the same time, ensuring the systems can operate reliably in a compromised environment.

This approach is underpinned by a range of techniques, including virtualisation and provisioning technologies. It also builds in better system management and greater resilience as well as new methods of defence and security practice, with better training for users, including on dealing with any misinformation resulting from cyber attacks.

To request your full, printed version of PA Consulting Group Limited's Report and Accounts 2010, please contact us now.

To find out how we can help you develop an effective cyber security strategy for your organisation, please contact us now.