Posts Tagged :

Industry

Guest Blog, Adrian Crawley: Transforming security skills for a changing industry landscape…

800 450 Jack Wynn

Talk to any security specialist and they will tell you that, today, the number of different security attacks they potentially face is overwhelming. It’s the direct result of two trends. Firstly, professional hackers have become more sophisticated in their approach using automated attacks, whereby robots are used to launch very advanced persistent attacks, and secondly, the new wave of ‘off the shelf’ hacks that can be bought for as little as £20 are able to cause untold damage to a network. 

Of course, Bots aren’t new, but this year alone the industry has seen an extraordinary rise in their use, posing a big question to company security experts – can we cope? And the simple answer is no. Trying to respond to bots and make complex decisions quickly enough is something the human brain is simply not equipped to deal with; nor is it capable of managing high intensity attacks for days on end.

In response, more and more companies are employing good bots to fight back in a bid to move their security experts from the front line to more strategic development roles.

Strategy is such a fundamental part of security today. No longer is it possible to react on the spot; you need to anticipate the threats and stay ahead. Plus, it needs to be done in line with the overall company strategy and in conjunction with suppliers.

Suppliers are often overlooked, but today skills need to extend beyond your organisation and ensure that your internet service provider (ISP) for example won’t be the ‘cyber domino’ that takes you down. ISPs are one of the most targeted facilities because they are an easy route to attacking hundreds of companies at a time – attack once, damage many. The development of contracts that cover this risk is common practice and should not be underestimated.

In terms of company strategy, if you are moving to an internet of things model, or have ambitious plans to expand market share, your networks, and your partners’ networks, this will inevitably need to change and be able to manage a new level of demand to ensure consistent delivery and a great customer experience.

That’s why finding the tools that will always detect and mitigate the risks is an essential part of network and application delivery today. However, it’s also a necessity to know what the risks will be; they change so rapidly and it can be an impossible task to monitor the risks when you already have other responsibilities.

It’s thought that more than 20 per cent of companies are now turning to ex-hackers for help (37 per cent say they are considering it). As risky as it may sound, many IT directors have identified that they are able to tap into sources in the ‘darker’ web and listen into conversations that are happening between individual hackers, and organised groups. They are also able to spot the malicious technology developments and even tell you the next target, well before they hit.

As I say, for security professionals that have built a reputable career, this whole approach can seem an oxymoron. Why potentially cultivate an enemy within? It’s therefore important to have the right checks and balances, and day-to-day management skills in place to ensure conduct is above board at all times. Or indeed, assess if a security partner who employs the skill is a better option.

Whatever path you choose, the future will be constantly changing, and when security attacks are a question of when not if, every company needs a plan in place. How they are shaped will be down to the organisation and the sector it operates in, but understanding how technology and skill are blended will be an essential part of a successful strategy.

Adrian Crawley is responsible for the Northern EMEA region at Radware, specialising in network and application security. He oversees the cyber security for international brands as well as medium sized enterprises in a mix of sectors including finance and insurance, retail, utility, public sector and telcos and ISPs. 

Industry Spotlight – Morgan GRP: ‘No one can afford to pay lip service to staff training’…

800 450 Jack Wynn

Security manufacturing is a growth industry and, by nature, is one that continues to develop. As the nature of threats continues to change, security offerings and products are developed and refined to meet these threats. 

And with newer markets becoming more dominant – such as the renewable and nuclear sectors – output changes need to meet these increased demands. The opportunities for career progression are manifold; and savvy employers will do all they can to support their most valuable staff members, maintaining updated and relevant skill sets.

No one can afford to pay lip service to staff training and progression. In the world of security, the reputation and the success of companies like Morgan GRP stands and falls on the calibre of its colleagues.

Our turnover is approaching £21 million and it bucked the trend during the most recent period of recession in the UK, continuing to grow turnover year-on-year; making a direct investment in the workforce every year has spurred us on achieve this growth.

We do this in a number of ways. Each year, we take on two electrical and fabrication apprentices who are given one-on-one mentoring, and progress is charted using a series of prescribed benchmarks.

Because our field is highly regulated, it is vital for us to ensure our certifications are up to date, and this is an ongoing process we attend to on a rolling basis, including for our welding, fabrication and construction teams.

This year, Morgan GRP is going through one of the most important chapters since its inception, with a renewed drive to push the company towards greater productivity. In addition, we are currently investing £1 million in a new Enterprise Resource Planning (ERP) system as part of a wholesale expansion and revisioning drive, resulting in the largest training programme we have ever undertaken.

The system integrates all applications across the group; managing the business and to automate many back-office functions relating to IT, services and HR. A wholesale readjustment of the business brings challenges for staff as well as opportunities for advancement.

The phasing in of the new ERP system has seen a steering group of directors and managers making a commitment to immersion and training sessions three times a week, familiarising themselves with its processes. These will then be shared across the whole group. 

Moving into the next stage of the firm’s life took some bold thinking and our determination to reshape our way of working and has seen us take on key new recruits, some of whom specialise in change management itself. Many of our directors, including our group managing director, Martyn Ingram, began his career on the shop floor here; therefore, the management style we uphold is open and collaborative.  

We don’t issue edicts; this isn’t a healthy way of developing staff or helping them achieve their best performance. Within the Morgan GRP family we have a number of employees who started out on our apprenticeship scheme, and have stayed with us until retirement.

This is something that gives us great personal satisfaction, but, in some ways, it makes it even more important that we attend to training and personal development very carefully.

It is perhaps easier to stagnate if you have been with a company for many years. But it is also easier to ‘take people with you’ if colleagues feel they have a personal investment in the future of a company and if you have strong interpersonal bonds as a workforce. We are fortunate enough to have that and it is something we foster and value.

 

Find out more about Morgan GRP here