NSFOCUS, a specialist in advanced network and application security based on intelligence, was founded in 2000. In September 2015, NSFOCUS branched out with the establishment of NSFOCUS IB (International Business), headquartered in Santa Clara, California. Aftab Afzal is Senior Vice President and General Manager for the EMEA (Europe, Middle East and Africa) region at NSFOCUS IB.
NSFOCUS IB’s UK presence is expanding, with the company currently carrying out work to build its research team. One of the tasks Mr Afzal had to focus on upon his arrival at NSFOCUS IB was to ensure the company’s UK location could accommodate its new talent. Currently NSFOCUS is working with UK Trade & Investment (UKTI), looking at collaboration with universities and PhD graduates in forensics and computer science and taking them into its research labs. It is also in talks with Royal Holloway and Cambridge universities.
Cyber security today faces a multitude of threats. Both old and new hackers have a whole arsenal of weapons in their locker. Malicious software such as ransomware can encrypt a hard drive and steal sensitive or financial data. If the victim does not own a backup server, the price of decryption can be high.
Intrusion and disruption are significant consequences; however, depending on the sensitivity of the data, the repercussions of the breach itself can be devastating – for instance, if the leak is government information.
Mr Afzal warns, however, of a bigger threat to modern cyber security. He said: “The bigger threat is keeping up to date with the latest threats globally, and having the correct defences in place. As there are so many threats, one of the challenges we’re facing is masses of data coming in. You can easily drown in a sea of noise and it’s hard to decipher the good from the bad to make the intelligence actionable and effective without impacting business productivity. So the biggest challenge is creating cyber defences for new threats and old threats without impacting productivity.”
But how can companies decide what cyber security solution is best for them? The process involves undertaking risk analysis to find out where the critical risk points lie and making sure they’re covered. It involves engaging with a host of cyber security vendors, digesting varied inputs/outputs and learning where they can add value, but not adopting too many partners.
Mr Afzal explained: “You should create your policy first, understand what you’re trying to achieve, but take into consideration the evolving threat landscape. Look at industry and government trends as a whole and find out what they are doing to predict what threats are coming and from where. From this you can begin to build defences, starting from your network perimeters, which are becoming wider due to the adoption of cloud services.”
For suppliers in the defence industry, cyber security is essential. Many companies today have been mandated by defence purchasing organisations to have a certain level of cyber security. These are best practice regulations, and if they are not followed, buyers may turn to alternative suppliers who will enforce them.
Companies must conform to a minimum level of security in line with security policies set internally by defence organisations. Whether you are in maritime, air or land, the required level of cyber security, just as with everyday security, is the same.
However, some companies overlook cyber security simply because IT and security are seen as a cost and not as revenue generating. SMEs in particular need to consider what the cost would be if they were attacked. Loss of data can subsequently lead to loss of customers, suppliers and contracts. Companies need to find the correct balance.
Mr Afzal commented: “Companies can outsource the critical work and hire external agencies to deduce where the dangers are. There are affordable products directed specifically at SMEs that incorporate a host of security features. A company can also train an employee such as an IT manager on a security solution, if the work being carried out is not too complex or critical. A solution without the correct management and service behind it will only be as good as it was when it was bought.”
Companies can stay ahead of the cyber threat by undertaking continuous training. Security training such as Certified Information Systems Security Professional (CISSP) can teach you how to effectively protect information and defend data from unauthorised access. There is also a variety of security training for organisations using the cloud to store and share data.
Mr Afzal noted: “The good thing about these accreditations is that you have to attend seminars and training events to remain accredited, and while you gain points for attendance, you also remain up to date on the latest threats.
“Events such as E-Crime Congress and Infosecurity Europe as well as events run by the Cloud Security Alliance provide companies with up-to-date information and training. There is a lot of research and continuous processes for a company to stay on top of things. You will have training programmes for security professionals and awareness programmes on how to train staff to use the programmes based around your policies.”
Mr Afzal also provided some advice for cyber security SME’s seeking to expand their business.
He said: “There are organisations such as UKTI where you can gather information. You can attend community events such as those run by the Cloud Security Alliance – go and speak to them and try to get your foot in somewhere. UKTI and other agencies are very helpful and there is a huge amount of government resource helping UK industry to get better.”
Finally, Mr Afzal provided MOD DCB with his predications for the future of cyber security. With cyber being such a hot topic, it is apparent that computing companies are branching out more and more into this ever-evolving sector.
He said: “Because cyber security has a huge buzz right now and a growing market, there are many large organisations moving into cyber security who were not focused on this area previously. Notable examples include EMC, an information management storage company who purchased RSA Security, a company working in protecting and managing online identities and digital assets in 2006.
“Then in January 2011, Dell signed an agreement officially announcing its intention to acquire SecureWorks, a provider of information security services. All these big organisations had been selling computing and are now going into security. You then see many of the network operators expanding their cyber security offering also.
“From this I feel we will continue to see large computing and consulting organisations enhancing cyber security offerings and cyber defence services that can be outsourced. I predict that there is going to be more consolidation.”
Mr Afzal concluded: “Furthermore, although we have seen a big push for cloud security platforms, I think people are starting to realise that you often lose a lot of visibility, in that you can’t see who’s attacking you. From this, I predict that there will be a gesture towards hybrid cloud, an orchestration between private and public cloud services.”
If you would like to join our community and read more articles like this then please click here
Bitdefender Cyber cyber security Defence defense IoT IT NSFOCUS password