How important is trust in cyber security and how can it best be promoted?

How important is trust in cyber security and how can it best be promoted?

"Do we trust the people, do we trust the data, do we trust who's got access to that data, and are they doing the right thing?"

Ahead of teissR3 | Resilience, Response and Recovery Online Summit 2020, Sarah Armstrong Smith, Chief Security Adviser, Microsoft, talks to Jeremy Swinfen Green about trust, insider threat and Zero Trust in cyber security.

teissR3, taking place 15th - 24th September 2020, is the leading event focusing on how you improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world. Register your place by clicking here.

Video transcript

How important is trust in cyber security? And how can it best be promoted?

Great question. The whole concept of cyber security is predicated on trust. So we have to trust in the people, devices, the locations, everything is do we trust people, do we trust the data, do we trust who's got access to that data, and are we doing the right thing?

So what we have now is this whole concept of zero trust, which is never trust, always verify, assume compromise. Really what that means is just because somebody has bona fide credentials, they might have the right device, they might be logging in from the right location, doesn't necessarily mean that they are the actual bona fide user.

So even if somebody had the right credentials and they were looking on from the right device, we always got to keep checking and verifying what they're doing, what data they're accessing, and whether that is a trusted, bona fide transaction.

We always think about, when we talk about cyber attacks, this one was predicated from an outside in, but we've also got to consider inside out. So actually the insider threat, the insider risk, is just as critical as the outside.

So it's looking at it from a full perspective. If something goes wrong and if that's in your system or data was compromised, it all comes down to how quickly we can detect and how quickly we can react to that incident to enable us to recover those services as quickly as possible.

And in addition, we've also got to think about trust and transparency from our consumers' and users' perspective. So again, that crisis management perspective is being open, honest, about the fact that we've had a breach and what we're doing to rectify that situation.

Copyright Lyonsdown Limited 2020

Top Articles

SITA data breach compromised data associated with multiple international airlines

SIT, has revealed it recently suffered a major cyber attack that compromised information belonging to customers of several airline companies.

COVID-19-forced work shifts prompting shifts in IT priorities

IT and security teams are changing their priorities to adjust with remote work to ensure productivity amidst COVID-19 related lockdowns.

Tips for building a cyber-security war room

Cyber security war rooms are essential but you need the right team of decision makers to be involved & you need to practice a variety of scenarios

Related Articles