Skip to main content
 
au
  • The Wellington City Council (WCC) wanted to deliver quality outcomes without breaking the bank. Find out how Planit’s fast and flexible resources helped WCC achieve this goal.

this is a test Who We Are Landing Page


INSIGHTS / Articles

Security Will Move to a Converged Approach

 19 Sep 2017 
INSIGHTS / Articles

Security Will Move to a Converged Approach

 19 Sep 2017 

Technology is converging. Adoption of Internet of Things (IoT) devices is growing exponentially and these devices are being increasingly leveraged by information technology (IT) and operational/industrial technology (OT). Buildings and homes are also becoming “smart” and “connected”, with surveillance systems, thermostats, door controls, and heating, ventilation, and air conditioning (HVAC) being connected and going to the Cloud.

Attackers are very adept at finding cracks in any defence. They don’t care if it’s a crack in physical security, industrial control systems, or classic IT environments. They focus on where they can inflict as much damage as possible.

Security leaders and vendors have to start looking at the entire security risk. A breached laptop can be used to hop over to the chlorine controls of the hotel swimming pool and inflict real-world damage to property and people. It’s not only about protecting the contents of the laptop, but also the access it has to whichever network it is attached to. A siloed approach needs to be replaced with a holistic one.

Here are a few questions to ask yourself:

Which are the critical areas in our network?

“Critical” used to mean the valuable data and systems within an organisation. Widen this scope to include people, processes, and technology.

Is there full stack visibility?

You need to know how your business is relying on IT systems and how they’re tied together. Stage two is to find out what lateral movements are possible on your infrastructure. For example, whether it is possible to reach HVAC systems from the network connection of a printer.

Is our response process functioning correctly?

Failing to plan is planning to fail. You need to be prepared should a cyber-related incident happen. This could be a crypto locker outbreak or the detection of an intruder on your systems. If this happens, how will you respond?

Are our systems designed and developed with security in mind?

Resilience, security, and performance are often approached as one of those implied artefacts of infrastructure and systems. Look at the design requirements and check which ones are really connected to security. Making assumptions can lead to failure.

Approach security as a result of proper design. Like a car with crumple zones which, in case of a crash, absorbs the energy of the crash, IT systems should be designed in the same way. The same goes for system hygiene, where a system needs to be maintained to keep everything running properly. For example, the simple act of servicing your car’s brakes can save lives.

Fail-safe or fail-secure were terms initially attached to software. It’s time to apply these to the full stack of technologies which make up your IT landscape.

Secure your environment

The risks associated with system vulnerabilities are substantial. Instead of waiting for your information to be exploited, systems corrupted and brands damaged, you can take the initiative and protect yourself.

We can provide you with in-depth reports into weaknesses that attackers could exploit in your specific system. With this valuable insight, we can then help you secure your systems in the areas of development, use and infrastructure.

Visit our Security Testing section to find out how we can close these loopholes for you.

Ferdinand Hagethorn

Director - Security Services

Protect Your Data and Reputation

We can help you protect your valuable assets and brand reputation. Following an international best practice methodical approach, we provide you with in-depth reports into weaknesses that attackers could exploit in your specific systems. We can then work with you to close these loopholes.
 
Find out how Planit’s three-pronged approach to security testing can help you protect your systems by addressing development, use, and infrastructure.

 

Find out more

Get updates

Get the latest articles, reports, and job alerts.