As a vendor, Tripwire gets asked a lot of questions from customers and potential clients about how developments in the wider world might affect digital security. One of those forces that’s on everyone’s mind is Brexit. Representatives from some of our potential customers as well as our existing clients are asking us what to focus on and what to do. Specifically, they’re wondering
Source: tripwirehow Brexit will affect their digital security efforts in general. That’s especially the case if they’re based in the United Kingdom.
To be honest, it’s tough to answer the question of how Brexit will affect UK organizations’ digital security. That’s because there are a lot of variables at play. Let’s look at this in more detail over the next few paragraphs.
A Possible Plus for UK Companies’ Digital Security Post-Brexit
On the one hand, Brexit could make digital security easier for some UK companies that are coming out of the European Union. That’s because leaving the European Union will free these organizations from necessarily needing to trust web traffic from certain countries over others. Think about it. When these organizations are situated within the European Union, digital attackers can reach them not necessarily by breaching their systems directly but instead going after smaller targets.
As an example, a threat actor group sets its sights on a UK organization. It might then decide to go after small German companies that otherwise have nothing to do with their true target but, nevertheless, lack robust security measures. (This is NOT a supply chain attack, so the companies don’t need to be in the same industry or work with the intended target directly.) From there, the bad actors come through those German companies to target the UK organization. They could very well succeed in their efforts, for as it’s situated within the European Union, the UK organization is expecting and has, therefore, trusted traffic coming from Germany. In other words, it is accustomed to seeing traffic from Germany because of those shared ties to the European Union. Unfortunately, these expectations give digital attackers an opportunity to abuse such alliances and open up new avenues of risk.
Things would be different if the UK organization were to find itself in a post-Brexit world, however. Removed from the European Union, that company would have no obligation to trust traffic from any country outside of the United Kingdom. It could therefore easily use security controls to filter traffic from locations it doesn’t want to trust. Alternatively, it could approach incoming web traffic from a whitelisting frame of mind and allow connections from a select few number of places. Doing so could help prevent digital attackers in other countries from attacking their systems, even if they’ve infiltrated the systems of a company based in a foreign nation.
But Does It Really Matter, Anyway?
On the other, digital security really should be different whether UK organizations are in or out of the European Union. Not at least in terms of what types of security measures they should be implementing. In any case, they should start with asset discovery so that they can have a clear idea of what’s on the network and what they need to protect. They can then embrace some of the other foundational security controls like vulnerability management, logging and change monitoring before pursuing more advanced analytical tools that are available to them.
Don’t take just my opinion on the matter. Many security professionals are of the belief that Brexit won’t have an affect on digital security. This became evident in a survey conducted by Tripwire at Infosecurity Europe 2016 when most respondents (64 percent) said there would be no change in UK organizations ability to defend themselves against targeted attacks.
Adrian Davis, regional managing director for ISACA, feels this is the case because of the nature of today’s evolving digital threats:
Cyber threats and attacks transcend national boundaries and politics and the only way we can defend ourselves is to share information and collaborate. I’m confident that, as a profession, we will continue to help each other regardless of whether our nation is in or out.
So Does Brexit Hold Any Significance for Digital Security?
Ultimately, the significance of Brexit for digital security boils down to an opportunity for organizations to rehash their current security posture and measures. It’s a chance to turn things upside down and see if their security measures are still working. Towards that end, they can put up some money to reconfigure their products, train their staff and review their vendors. This last element is important, as Brexit could force some configuration changes in how branches of a multinational company based in the United Kingdom do business and relate to their suppliers.
UK organizations should undertake these efforts with the understanding that security is a single entity unto itself. It should be one of their main foci. With that level of commitment, infosec professionals can subsequently use Brexit to try to appeal to upper management so that they can make changes to their existing security strategies.