Hoisting new cybersecurity standards

We are t-minus 71 days to Brexit and the unknown looms with unpredictability. Will closed borders and pricey artichokes (fun fact: the UK imports 98% of its artichokes from the EU) shape the UK post October 2019? And will this event impact our digital borders too?

The internet is global so whether countries build brick-and-mortar walls or place restrictions of human movement across geographic boundaries, information will continue to flow across our almost fully borderless digital world. 

While governments can implement border controls and watchlists to monitor the movement of criminals who commit ‘physical’, non-digital crimes, cybercriminals can waft past these security mechanisms because cybersecurity needs different systems in place to manage digital misdemeanors. There are global standards for example, for money laundering, as well as human rights’ Standard Minimum Rules for the treatment of prisoners. 

Whatever your stance on Brexit, in or out, the EU has provided its citizens with a set of standards by which we can travel, conduct trade and deem what level of carbon emissions are justifiable. The fundamental point of any type of standard is that it ensures consistency, sets the bar for what acceptable (if not necessarily ideal) looks like, and enables interoperability.

So when the internet emerged, the good and the great deemed it necessary for internet-governing standards to be levied, global standards that attempt to ensure your time online is as secure as possible. 

Ubiquity of standards 

Just as an individual in the UK, will search for a Gas Safe Registered tradesperson (previously CORGI) before commissioning gas-related work at their home, most government agencies will also expect a potential provider of IT supplies to comply with a list of accreditations and cyber security standards. 

The ISO 27001 accreditation you should look out for.

In our everyday lives, there are standards for drinking water, building, advertising, and organizations working in these industries will comply with the requirements if they’re to legally operate in the market. Similarly, in the digital world, standards such as Transport Layer Security (TLS) exists to ensure secure end-to-end communications (the only way that secure eCommerce exists today). Another well-known standard is the ISO 27001 specification which is part of a larger framework for information security management, that many credit with the world-wide improvement of organizational security and risk management. 

The reason for these technical standards, as well consumer standards is that they provide the user of the service with a sense of assurance. You’re more likely to make a $100 purchase from a website that has an SSL certificate than not; as head of procurement for a financial institution, you’re more likely to partner with a supplier that is ISO 27001 accredited. These standards enable you to quickly identify which provider to use, helping to speed up the evaluation and purchasing processes. 

Standards become standard practice 

Clearly standards aren’t a new phenomenon, but the reason we’re talking about this today is that we’re seeing the pace of development of standards increase in the realm of cybersecurity. We’ve witnessed the list explode, from a handful of standards to a raft of them in just a few years (do CSP, DMARC, ARC, MTSC, Expect CT ring any bells?) because vendors are beginning to recognize that this has to be the future for global cybersecurity best practices. 

Baking standards into technology solutions levels the playing field – it can make it easier to communicate with other solutions using the same standards as well as making it easier for your clients and prospects to shortlist you. 

TLS only worked because all financial organizations agreed to use the protocol, so as more technical standards filter into the cybersecurity sphere, more vendors will need to adopt the standards in order to secure the (almost) borderless internet in which we work and play. We’re advocates of a standards-based security system as this not only helps to democratize cybersecurity solutions for all, rather than uphold a more money = better protection model, but it also indicates that the players in the industry are in fact contributing to safer online world.

If you have any questions about any of the security standards written above or other queries surrounding the technology, please get in contact with one of the Red Sift team!

PUBLISHED BY

Red Sift

21 Aug. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Winter wins: Red Sift OnDMARC wraps up 2024 as a G2 DMARC…

Francesca Rünger-Field

The season of giving has brought us another reason to celebrate! Red Sift OnDMARC continues its winning streak in G2’s Winter 2025 report, earning Leader status in the DMARC category for another consecutive season. This recognition reflects our strong market presence and the unwavering satisfaction of our customers. Cheers to wrapping up 2024 on…

Read more
AI

Text classification in the age of LLMs

Phong Nguyen

As natural language processing (NLP) advances, text classification remains a foundational task with applications in spam detection, sentiment analysis, topic categorization, and more. Traditionally, this task depended on rule-based systems and classical machine learning algorithms. However, the emergence of deep learning, transformer architectures, and Large Language Models (LLMs) has transformed text classification, allowing for…

Read more
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more