Hoisting new cybersecurity standards

We are t-minus 71 days to Brexit and the unknown looms with unpredictability. Will closed borders and pricey artichokes (fun fact: the UK imports 98% of its artichokes from the EU) shape the UK post October 2019? And will this event impact our digital borders too?

The internet is global so whether countries build brick-and-mortar walls or place restrictions of human movement across geographic boundaries, information will continue to flow across our almost fully borderless digital world. 

While governments can implement border controls and watchlists to monitor the movement of criminals who commit ‘physical’, non-digital crimes, cybercriminals can waft past these security mechanisms because cybersecurity needs different systems in place to manage digital misdemeanors. There are global standards for example, for money laundering, as well as human rights’ Standard Minimum Rules for the treatment of prisoners. 

Whatever your stance on Brexit, in or out, the EU has provided its citizens with a set of standards by which we can travel, conduct trade and deem what level of carbon emissions are justifiable. The fundamental point of any type of standard is that it ensures consistency, sets the bar for what acceptable (if not necessarily ideal) looks like, and enables interoperability.

So when the internet emerged, the good and the great deemed it necessary for internet-governing standards to be levied, global standards that attempt to ensure your time online is as secure as possible. 

Ubiquity of standards 

Just as an individual in the UK, will search for a Gas Safe Registered tradesperson (previously CORGI) before commissioning gas-related work at their home, most government agencies will also expect a potential provider of IT supplies to comply with a list of accreditations and cyber security standards. 

The ISO 27001 accreditation you should look out for.

In our everyday lives, there are standards for drinking water, building, advertising, and organizations working in these industries will comply with the requirements if they’re to legally operate in the market. Similarly, in the digital world, standards such as Transport Layer Security (TLS) exists to ensure secure end-to-end communications (the only way that secure eCommerce exists today). Another well-known standard is the ISO 27001 specification which is part of a larger framework for information security management, that many credit with the world-wide improvement of organizational security and risk management. 

The reason for these technical standards, as well consumer standards is that they provide the user of the service with a sense of assurance. You’re more likely to make a $100 purchase from a website that has an SSL certificate than not; as head of procurement for a financial institution, you’re more likely to partner with a supplier that is ISO 27001 accredited. These standards enable you to quickly identify which provider to use, helping to speed up the evaluation and purchasing processes. 

Standards become standard practice 

Clearly standards aren’t a new phenomenon, but the reason we’re talking about this today is that we’re seeing the pace of development of standards increase in the realm of cybersecurity. We’ve witnessed the list explode, from a handful of standards to a raft of them in just a few years (do CSP, DMARC, ARC, MTSC, Expect CT ring any bells?) because vendors are beginning to recognize that this has to be the future for global cybersecurity best practices. 

Baking standards into technology solutions levels the playing field – it can make it easier to communicate with other solutions using the same standards as well as making it easier for your clients and prospects to shortlist you. 

TLS only worked because all financial organizations agreed to use the protocol, so as more technical standards filter into the cybersecurity sphere, more vendors will need to adopt the standards in order to secure the (almost) borderless internet in which we work and play. We’re advocates of a standards-based security system as this not only helps to democratize cybersecurity solutions for all, rather than uphold a more money = better protection model, but it also indicates that the players in the industry are in fact contributing to safer online world.

If you have any questions about any of the security standards written above or other queries surrounding the technology, please get in contact with one of the Red Sift team!

PUBLISHED BY

Red Sift

21 Aug. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
Cybersecurity

Resilience Rising | Episode 3 with Kevin White

Red Sift

In this episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, and Kevin White, Senior Operation Consultant with Enhanced Information Solutions, explore the critical intersection of wastewater management and cybersecurity.  The two highlight the health and operational impacts of cyber threats on water utilities, emphasizing the vulnerabilities due to…

Read more
Certificates

Your guide to PCI DSS 4.0 Cryptographic Requirements

Rebecca Warren

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework designed to protect cardholder data during processing, storage, and transmission by merchants and service providers. PCI DSS outlines a set of stringent security controls that organizations handling payment card information must implement to mitigate the risk of data breaches and…

Read more
Certificates

How to build an inventory of certificates for PCI DSS 4.0 Requirement…

Rebecca Warren

We talk to organizations daily that are preparing for PCI DSS 4.0 requirements. March 31, 2025 marks the end of the transition period, and on this date, businesses must be fully compliant with PCI DSS v4.0.1.  One of the ways PCI 4.0.1 varies from PCI 3.2 is an updated Requirement 4, which covers encrypting…

Read more
DMARC

Getting started with the OnDMARC API

Nadim Lahoud

The OnDMARC API is great for performing bulk or repetitive tasks that need to be performed quickly, often and without error – and you don’t need to be a developer or even know how to code to use it. Here, I will walk you through how to perform the common task of updating the…

Read more