Why cyber security is a team sport

Strategic Relationship Manager, BAE Systems Applied Intelligence Read time: 3 mins
Doug Brown explains why collaboration is the essential ingredient in ensuring cyber resilience is embedded within an organisation
Why cyber security is a team sport Last year, right at the start of the pandemic, engineers from across BAE Systems came together to develop the AirCare ventilator, which went from concept to functioning design in just a few weeks. As an example of teamwork in action, it’s hard to beat.
 
This type of collaboration should not be limited to a global health emergency, however. Collaboration within cyber is just as important. That’s because cyber security is a complex topic, one where we face incredibly capable adversaries ranging from cyber criminals intent on extorting business’ data, through to nation states intent on conducting espionage operations.
 
Tackling such challenges requires a combination of the right people, the right skills and the right technology – collaboration, in other words.
 

Strength in collaboration

The more organisations can work together the easier it is to be able to respond to the threat. This resilience stems from the fact they can count on mutual understanding and relationships between people who can work together in a crisis. It may be an overused cliché, but cyber-security really is a team sport, from those setting strategies, policies and frameworks, to those conducting forensic investigations in a computer’s active memory.
 
Identifying the links between two seemingly unconnected pieces of information is a hard challenge, but it’s key to building true resilience in an organisation. Technology may be an enabler here, but diversity and a breadth of skills is vital. Through a diverse and inclusive culture, we are able to consider angles that otherwise just would not have been possible before.
 
Diversity in cyber has a number of different aspects. It’s not just about encouraging a range of skill sets in cyber, but also greater gender diversity. Cultural diversity is of course vital too, while another important consideration is the international angle. When looking through the lens of a multinational organisation with a complex and global IT estate, you can’t just focus on protecting your data within your home country.
 
Take supply chains, for example. Unfortunately, in cyber security terms, you are only as strong as your weakest link, and that’s why a collaborative approach is vital. Any attack against an organisation within a supply chain, is likely to be an attack against all. Collaboration in resolving an incident and identifying lessons learnt is far more productive than actually improving everyone’s defensive postures. This team ethos, for me, is what resilience through collaboration is all about.
 

Talking up the tech

But while people collaborating and sharing information as freely and quickly as possible is vital, resilience isn’t just about people. It’s also about people’s relationship with technology.
 
As human beings, we have our limitations, and given the millions of cyber-security incidents we see each day we rely on a breadth and depth in capabilities to deliver organisational resilience. A good way of achieving this is blending human traits of agility and adaptability with an Agile approach to using the right technology for the right purpose. It’s not about being set in approach, but actually finding the right way to maximise human and technological potential – and this is usually the optimum approach to deploy.
 
Take technologies such as MISP, for example. This ensures that monitoring systems are adapted every day to ensure that organisations can continually remain resilient to the latest threats. However, technology also has its limitations, and indicators are very often the product of analysts’ efforts in finding new compromises.
 
So again, we see how important collaboration is; collaboration between threat intelligence analysts and network defenders, for example, and the threat intelligence they consume and how this knowledge iterates over time to build a bigger picture that, in turn, produces further intelligence which can then be fed back into the machine. Thus while technological capabilities are important in improving how an organisation can increase its resilience, it is how an organisation couples its people with the technology it uses which is key.
 

Mindset matters

Beyond technology, it can be argued that to be resilient as an organisation, it requires a resilient mindset and strategy. Setbacks happen and organisations are unable to forecast everything years in advance, so we must plan for the worst. Increasing awareness and making sure that staff expect and prepare for incidents are key.
 
The last thing any business should do when they’ve detected an attack is to waste time working out who to call and who to bring in; time is of the essence when it comes to resilience and making sure that everyone is clear on the part they play and how they collaborate. And once the dust has settled on an incident, look back, learn lessons, be honest with each other and most importantly apply anything that’s been learned.
 
This all means that resilience at its core is an organisation’s ability to recover and respond to an event such that it is unnoticeable to most. Cyber security requires both logical and lateral thinking, something inherent. We must be confident that through collaboration we can remain resilient, keep calm and carry-on through a crisis.
 

About the author
Doug Brown is a Strategic Relationship Manager at BAE Systems Applied Intelligence 
Ransomware’s Perfect Storm

Explore our latest Insights on

Threat Intelligence

Understanding the evolving threat landscape is a key part of maintaining robust defences. BAE Systems' Threat Intelligence team generate original insights through research and collaboration with customers and partners. Here we share the latest findings from our team.
Find out more

Recommended reading

  • Enabling smarter cyber security at home. The pandemic has revolutionised our working practices but in doing so it’s also opened the door to increased cyber attacks. Sugee Bhanoo examines what can be done
  • Conflict in the grey zone: Preparing ourselves against cyber opponents. When it comes to the cyber arms race, Miriam Howe says that preparation, collaboration and adaptability are critical
  • Stepping up on Cyber Defence. Christine Maxwell is a woman on a mission – a cyber mission. She tells Mivy James about overseeing the ever evolving challenge of Cyber Defence and Risk at the UK’s Ministry of Defence
  • The Cyber Threat: before, during and after lockdown. No sector of society has proved immune to the spiralling effect of Covid-19 – and that includes cyber security. With the kaleidoscope shaken and pieces still in flux, Adrian Nish examines its impact so far
  • How to stay ahead in the cyber arms race. With many countries moving significant funding towards developing offensive cyber capability, Dr Mary Haigh examines what needs to be done to stay ahead of adversaries
  • Rising to the cyber challenge. How is the UK responding to the myriad cyber challenges and opportunities which pockmark today’s global landscape? In this guest blog, Dr Henry Pearson, the UK’s Cyber Security Ambassador talks priorities, plans and progress
  • Bringing data to the party. Caroline Bellamy is on a mission to transform how the UK Ministry of Defence uses data. She tells Mivy James about her 30-year career in industry and why data holds the key to smarter and faster decision-making across Defence
top
Doug Brown Strategic Relationship Manager, BAE Systems Applied Intelligence 10 August 2021