In a recent article for SicherheitsForum, the leading Swiss trade journal for security, Mischa Obrecht, Cybersecurity Specialist, and Jacek Jonczy, Head of Cyber Security Audit & Projects, explained the cybersecurity challenges of highly regulated environments. They outlined the importance of identifying risks in a timely manner, and shared various approaches to ensuring that technology (mastering the flood of data), organisation (integrating the techniques into one’s own environments and processes) and data protection (sensitive data must be protected appropriately) are addressed to mitigate security risks in an increasingly complex environment.
«To establish a balance of power or, ideally, to reverse the imbalance between attacker and defender, a comprehensive view is required. Several measures can be taken to achieve this: Digital tripwire and deception approaches aim to identify malicious activities with a high probability and thus defuse the problem of false alarms. Such solutions are designed to ensure that there is no reason for any normal user to interact with the tripwire system.»
Another approach is to improve accuracy and speed in detecting and dealing with potential incidents. This can be achieved by sharing structured information about new threats (threat intelligence – see Figure below), automating and orchestrating the response, and correlating and contextualising the physical and cyber dimensions: In addition to classic IT infrastructure, the corresponding physical level as well as other technical levels (e.g., operational technology) must be considered. Affected systems must be put in context with each other and events from different domains must be correctly correlated (cross-domain correlation).”
