CONNECTING THE DEFENCE COMMUNITY WITH INSIGHT, INTELLIGENCE & OPPORTUNITIES

Officially Supported By: Defence Contracts International Supply2Defence

Official Media Partners for:

Justin Dolly, Chief Security Officer of SecureAuth, examines how data leaks from personnel represent the biggest cyber security danger to defence and military organisations. 

When it comes to military and defence organisations today, one of the largest cyber security concerns is not actual attacks – although those are still important and prevalent – but rather data leaks.  

Insider threats and personal devices are two of the biggest causes of data leakage and one of the fastest threats to defences today as more and more devices are making it into sensitive areas. Last year, the fitness app Strava inadvertently exposed sensitive data about exercise routes shared online by soldiers, which could be extrapolated to pinpoint overseas facilities. With this information out in the open and out of the military’s control, defence organisations began clamping down on troops’ use of fitness trackers and apps, and further prohibited the use of GPS features on any government or private gear. 

This exemplifies how the rapid development of new and innovative information technologies bring new challenges to operational security and force protection. It’s crucial for military defence teams to stay on top of these challenges and continue to refine policies and procedures; otherwise, this could put individual members of the military at risk, even when they are not in combat zones. 

 

Identifying the weakest link 

As with most things in life, you’re only as strong as your weakest link – and in any organisation, it’s people. The best firewalls can be defeated by a simple phishing email and flat networks enable intruders to perform lateral movement across an environment with relative ease. New devices and applications can be difficult to keep off the corporate network, introducing a slew of new threat vectors all the while causing frustration among the IT teams that support these networks.  

Therefore, it’s vital for military officials to control access and develop enhanced policies for use or access to their data and networks. So how do you achieve this? Through the implementation of multiple pre-authentication or adaptive authentication techniques without introducing unnecessary friction for the users. Combining strong security with adaptive authentication allows authorised parties to access what they need quickly and easily, while simultaneously keeping malicious and suspicious actors out of the network and systems.  

 

Education, education, education, and secure access control 

A critical component of improving any security programme is education. As demonstrated by the Strava example, a data breach occurs when one or more individuals can read data they are not authorised to access. And it is often because of human errors like this that cyber criminals are allowed to gain access to sensitive material.  

Internal user training can help educate employees and personnel on how to enable secure access control, what threats to look out for and how to report anything suspicious. Therefore, security awareness training should be acknowledged as one of the critical components of a robust security programme. Being armed with the knowledge and skills to protect themselves and their organisations will help prepare employees for the range of security threats they are bound to face; whether from an external cyber attack or from their own misuse of technology or access to data. 

Military organisations shouldn’t neglect their own responsibility to deploy the most secure authentication strategies to mitigate their exposure to cyber attacksThey need to carefully examine how they manage their identity security and address how to differentiate legitimate users from illegitimate ones. Rather than handing over the keys to the very lucrative kingdom, a comprehensive strategy should work to determine if a login attempt is from a legitimate user or from an attacker using stolen credentials. 

 

Prevention is better than breach 

With identity and credential exposure accounting for many high-profile data breaches, prevention is the best protection. Internal training and awareness, and deploying secure access controls, dramatically improves organisations’ defences and helps prevent future cyber attacks.   

The best approach ensures the desired level of security without hindering the user experience. Care should be taken to avoid putting users though complex security measures which can cause user frustrationhave a negative impact on productivity and result in a financial burden to the organisation. The most efficient approaches to security and usability leverage modern techniques that fit both the culture and the needs of the organisation and bring together identity and security.  

When dealing with critical and highly sensitive information, as defence organisations undoubtedly do, the right security approach is to focus on the programmes that will help secure their weakest link: people.  

Want to know more?

To learn more about cyber security and how your business can stay protected from threats, visit the Cyber Essentials Online website.

If you would like to join our community and read more articles like this then please click here.

Post written by: Matt Brown


LATEST STAKEHOLDER

Become a Stakeholder today and benefit from an exclusive marketing package which will allow you to:

  • Engage with active defence buyers and key supply chain partners
  • Create your own branded micro-site which within Defence Online which is managed by you
  • Have a dedicated Digital Account Manager to help enhance your Stakeholder page
  • Promote your news, products, press releases, eBooks and Videos as a Defence Online partner which feeds through to our homepage and social media channels
  • Have your company promoted on our partner website Defence Contracts Online (DCO)
  • All news promoted in mynewsdesk, a major hub for all of our news articles which enables news to be picked up from trade magazines, national newspapers and many other publications which offers extra exposure at no additional cost!

Contact us today or call us on 0845 557 1315 to take advantage of this exclusive marketing package


.

RELATED ARTICLES

The new agreement was signed after the Defence Ministers met for annual talks in Australia, ahead of wider meetings together with Foreign Ministers in Adelaide, known as AUKMIN.

March 28, 2024

UK and Australia commit to modernising and deepening defence relationship

A new Defence and Security Cooperation Agreement has been signed at Parliament House, Canberra, by Defence Secretary Grant Shapps and

McLaren Racing’s Accelerator arm and the Ministry of Defence are teaming up to collaborate on high-tech, innovative projects.

March 27, 2024

Land - Ministry of Defence and McLaren team up to drive innovation

McLaren Racing’s Accelerator arm and the Ministry of Defence are teaming up to collaborate on high-tech, innovative projects. As part of