Hoisting new cybersecurity standards

We are t-minus 71 days to Brexit and the unknown looms with unpredictability. Will closed borders and pricey artichokes (fun fact: the UK imports 98% of its artichokes from the EU) shape the UK post October 2019? And will this event impact our digital borders too?

The internet is global so whether countries build brick-and-mortar walls or place restrictions of human movement across geographic boundaries, information will continue to flow across our almost fully borderless digital world. 

While governments can implement border controls and watchlists to monitor the movement of criminals who commit ‘physical’, non-digital crimes, cybercriminals can waft past these security mechanisms because cybersecurity needs different systems in place to manage digital misdemeanors. There are global standards for example, for money laundering, as well as human rights’ Standard Minimum Rules for the treatment of prisoners. 

Whatever your stance on Brexit, in or out, the EU has provided its citizens with a set of standards by which we can travel, conduct trade and deem what level of carbon emissions are justifiable. The fundamental point of any type of standard is that it ensures consistency, sets the bar for what acceptable (if not necessarily ideal) looks like, and enables interoperability.

So when the internet emerged, the good and the great deemed it necessary for internet-governing standards to be levied, global standards that attempt to ensure your time online is as secure as possible. 

Ubiquity of standards 

Just as an individual in the UK, will search for a Gas Safe Registered tradesperson (previously CORGI) before commissioning gas-related work at their home, most government agencies will also expect a potential provider of IT supplies to comply with a list of accreditations and cyber security standards. 

The ISO 27001 accreditation you should look out for.

In our everyday lives, there are standards for drinking water, building, advertising, and organizations working in these industries will comply with the requirements if they’re to legally operate in the market. Similarly, in the digital world, standards such as Transport Layer Security (TLS) exists to ensure secure end-to-end communications (the only way that secure eCommerce exists today). Another well-known standard is the ISO 27001 specification which is part of a larger framework for information security management, that many credit with the world-wide improvement of organizational security and risk management. 

The reason for these technical standards, as well consumer standards is that they provide the user of the service with a sense of assurance. You’re more likely to make a $100 purchase from a website that has an SSL certificate than not; as head of procurement for a financial institution, you’re more likely to partner with a supplier that is ISO 27001 accredited. These standards enable you to quickly identify which provider to use, helping to speed up the evaluation and purchasing processes. 

Standards become standard practice 

Clearly standards aren’t a new phenomenon, but the reason we’re talking about this today is that we’re seeing the pace of development of standards increase in the realm of cybersecurity. We’ve witnessed the list explode, from a handful of standards to a raft of them in just a few years (do CSP, DMARC, ARC, MTSC, Expect CT ring any bells?) because vendors are beginning to recognize that this has to be the future for global cybersecurity best practices. 

Baking standards into technology solutions levels the playing field – it can make it easier to communicate with other solutions using the same standards as well as making it easier for your clients and prospects to shortlist you. 

TLS only worked because all financial organizations agreed to use the protocol, so as more technical standards filter into the cybersecurity sphere, more vendors will need to adopt the standards in order to secure the (almost) borderless internet in which we work and play. We’re advocates of a standards-based security system as this not only helps to democratize cybersecurity solutions for all, rather than uphold a more money = better protection model, but it also indicates that the players in the industry are in fact contributing to safer online world.

If you have any questions about any of the security standards written above or other queries surrounding the technology, please get in contact with one of the Red Sift team!

PUBLISHED BY

Red Sift

21 Aug. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
AI

Staying ahead of AI-powered brand impersonation

Rahul Powar

Executive summary: AI has supercharged brand impersonation, with Q2 2024 seeing nearly half of all processed emails containing spoofing or phishing attempts—40% of which were AI-generated. The scale, speed, and sophistication of these attacks are overwhelming security teams, draining resources on false positives, and leaving critical threats undetected. Consumers are unforgiving when trust is…

Read more
BEC

What is email spoofing and how can you prevent it?

Faisal Misle

Executive summary: Email spoofing is a growing cyber threat where attackers forge the sender’s address to impersonate trusted sources, enabling phishing, business email compromise, and financial fraud. Because legacy email protocols like SMTP lack strong authentication, spoofing can bypass traditional filters. Organizations can mitigate this risk by implementing robust email authentication measures, especially DMARC.…

Read more
Email

What is social engineering and how can you prevent it?

Jack Lilley

Executive summary: Email phishing has evolved and criminals now use social engineering to impersonate executives, suppliers, and even government agencies, persuading recipients to approve payments or disclose credentials. Because human judgment sits at the heart of these attacks, technical controls that eliminate spoofed messages before they reach the inbox are essential. DMARC provides that…

Read more
Cybersecurity

Attackers are abusing Microsoft 365: Here’s how to stay protected

Jack Lilley

Executive summary: Varonis has surfaced an active phishing campaign that spoofs internal users by abusing Microsoft 365’s Direct Send feature. Because Direct Send doesn’t require authentication and is treated as “internal,” these messages often bypass the checks you rely on for outside mail. Microsoft now offers an opt-in switch, RejectDirectSend, to block the pathway,…

Read more