Hoisting new cybersecurity standards

We are t-minus 71 days to Brexit and the unknown looms with unpredictability. Will closed borders and pricey artichokes (fun fact: the UK imports 98% of its artichokes from the EU) shape the UK post October 2019? And will this event impact our digital borders too?

The internet is global so whether countries build brick-and-mortar walls or place restrictions of human movement across geographic boundaries, information will continue to flow across our almost fully borderless digital world. 

While governments can implement border controls and watchlists to monitor the movement of criminals who commit ‘physical’, non-digital crimes, cybercriminals can waft past these security mechanisms because cybersecurity needs different systems in place to manage digital misdemeanors. There are global standards for example, for money laundering, as well as human rights’ Standard Minimum Rules for the treatment of prisoners. 

Whatever your stance on Brexit, in or out, the EU has provided its citizens with a set of standards by which we can travel, conduct trade and deem what level of carbon emissions are justifiable. The fundamental point of any type of standard is that it ensures consistency, sets the bar for what acceptable (if not necessarily ideal) looks like, and enables interoperability.

So when the internet emerged, the good and the great deemed it necessary for internet-governing standards to be levied, global standards that attempt to ensure your time online is as secure as possible. 

Ubiquity of standards 

Just as an individual in the UK, will search for a Gas Safe Registered tradesperson (previously CORGI) before commissioning gas-related work at their home, most government agencies will also expect a potential provider of IT supplies to comply with a list of accreditations and cyber security standards. 

The ISO 27001 accreditation you should look out for.

In our everyday lives, there are standards for drinking water, building, advertising, and organizations working in these industries will comply with the requirements if they’re to legally operate in the market. Similarly, in the digital world, standards such as Transport Layer Security (TLS) exists to ensure secure end-to-end communications (the only way that secure eCommerce exists today). Another well-known standard is the ISO 27001 specification which is part of a larger framework for information security management, that many credit with the world-wide improvement of organizational security and risk management. 

The reason for these technical standards, as well consumer standards is that they provide the user of the service with a sense of assurance. You’re more likely to make a $100 purchase from a website that has an SSL certificate than not; as head of procurement for a financial institution, you’re more likely to partner with a supplier that is ISO 27001 accredited. These standards enable you to quickly identify which provider to use, helping to speed up the evaluation and purchasing processes. 

Standards become standard practice 

Clearly standards aren’t a new phenomenon, but the reason we’re talking about this today is that we’re seeing the pace of development of standards increase in the realm of cybersecurity. We’ve witnessed the list explode, from a handful of standards to a raft of them in just a few years (do CSP, DMARC, ARC, MTSC, Expect CT ring any bells?) because vendors are beginning to recognize that this has to be the future for global cybersecurity best practices. 

Baking standards into technology solutions levels the playing field – it can make it easier to communicate with other solutions using the same standards as well as making it easier for your clients and prospects to shortlist you. 

TLS only worked because all financial organizations agreed to use the protocol, so as more technical standards filter into the cybersecurity sphere, more vendors will need to adopt the standards in order to secure the (almost) borderless internet in which we work and play. We’re advocates of a standards-based security system as this not only helps to democratize cybersecurity solutions for all, rather than uphold a more money = better protection model, but it also indicates that the players in the industry are in fact contributing to safer online world.

If you have any questions about any of the security standards written above or other queries surrounding the technology, please get in contact with one of the Red Sift team!

PUBLISHED BY

Red Sift

21 Aug. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Certificates

Preventing certificate related violations in cybersecurity frameworks:  A guide to certificate monitoring…

Rebecca Warren

TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet.  At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…

Read more
ASM

Red Sift ASM & Red Sift Certificates: the missing link in your…

Billy McDiarmid

According to Gartner, Attack Surface Management (ASM) refers to the “processes, technology and managed services deployed to discover internet-facing enterprise assets and systems and associated exposures which include misconfigured public cloud services and servers.” This broad category of tooling is used within Continuous Threat Exposure Management (CTEM) programs, with many vendors within it having…

Read more
Email

The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more