Malicious actors are using increasingly sophisticated approaches to target businesses, leading some organisations to adopt more agile defence systems.

A growing threat landscape is driving an uptick in fraud, theft and other damaging exploits, as nefarious actors become more adept at using freely available tools to hack and compromise corporate systems. But while artificial intelligence (AI), machine learning and predictive analytics technologies are now all firmly part of the cyberattacker’s arsenal, the number one threat to an organisation remains its people.

Ensuring the right people have the right access to the right resources at the right time is the key to ensuring effective control. As such, companies are increasingly concerned with assessing, analysing and identifying security threats in order to prevent or react quickly to incidents. Making security improvements in the midst of tightening budgets, however, is no easy task, especially when trying to boost productivity and profitability in a competitive industry.

UK-based information security firm Burning Tree is helping clients find innovative solutions in order to affordably identify and deal with threats to their organisations. European CEO spoke to Richard Menear, the company’s CEO, about the changing threat landscape and how businesses can stay one step ahead of cyber attackers.

What is Burning Tree’s story? Why was it created and how has it progressed to where it is today?
Burning Tree started as a security company focused on business processing and services. This was a different approach to most security companies at the time, which were concentrating on network technologies. By applying security to the business process, Burning Tree soon became a leading provider of security consulting services across many industries, solving practical real-world problems within identity and access management programmes.

Today, Burning Tree addresses information security across all domains, including consulting services and business development, by working with some of the most innovative next-generation vendors and solutions.

How does Burning Tree help companies improve deficient security systems?
Burning Tree has been working extensively with its customers to help them understand and identify gaps in their security systems through the use of maturity capability assessments that utilise our proven reference architecture framework.

By using maturity capability assessments as a benchmark, organisations are able to target, improve and measure progress more easily. We believe a holistic approach needs to be taken in order to identify vulnerabilities, while a commitment to continuous improvement is required to tackle deficiencies.

Using innovative technologies and delivering control in a DevOps-style deployment will help to stem the flow of negative events. This means a more strategic programme of work is often required. The main areas of focus for many of Burning Tree’s customers centre on two facets of security protocol: security event management, and identity and access management.

What challenges and opportunities occur when a company moves from a traditional security infrastructure to a new system?
Traditional systems are built as monolithic applications that often take months or even years to scope, develop and deploy. More modern approaches, on the other hand, are being developed using agile methodologies and microservices, where code can be scoped, developed and deployed within days or even hours. The ability for organisations to change the way they think about security controls within the development lifecycle is extremely beneficial.

Code scanning, vulnerability checking and the use of new technologies, like secure containers, are the principal elements driving security control in these newer systems. This more dynamic methodology – typically deployed using cloud and mobile technologies – has significantly increased the attack surface of organisations. As a result, the use of next-generation security technologies, such as AI, machine learning, virtualisation and containerisation, is critical to securing the new landscape.

How has the threat landscape changed since Burning Tree was founded in 2003?
The cloud, the processing power of computing hardware and the proliferation of mobile technologies have all developed significantly over the past 15 years to make technology ubiquitous. Today, white goods, motor vehicles and nearly everything else we touch are all accessible via the internet – commonly referred to as the Internet of Things.

Tools are readily available and easily accessible to anyone who wishes to use them to compromise systems for criminal activities, ‘hacktivism’ or to simply prove they can

However, tools are also readily available and easily accessible to anyone who wishes to use them to compromise systems for criminal activities, ‘hacktivism’ or to simply prove they can. Attacks by nation states using advanced persistent threats have also been on the rise for political, as well as commercial, reasons.

What new, innovative security methods are being developed within identity and access management? How do they compare to previous methods?
Adaptive authentication technologies are the leading tools being deployed by organisations to ensure the person authenticating is actually the authorised user. This is typically achieved by using authentication credentials in combination with geolocation, device characteristics, certificates, credentials, biometrics, user behaviour and other identifiers.

Blockchain also offers a new approach for individuals wanting to create, store and manage their own digital identity. This can then be used across a wide range of applications, from authentication at various trust levels to applications for services and products. A future where we control our own identity on a mobile device is very likely. We could prove our age, store our driving licence and passport information, and access offices, homes and our cars with our personal mobile device.

Are these new methods, like adaptive authentication, blockchain technology and AI, popular with customers? Do they pose any complications?
Conversationally, these themes are very popular with Burning Tree’s customers and the wider market more generally. Adaptive authentication is widely used in the financial services industry and among fintech firms.

Similarly, blockchain currently has a few practical identity applications, such as with student identity, age verification and the Know Your Customer initiative – and it could be used for many additional scenarios in the near future. The idea behind blockchain also promises to allow individuals to manage all of their own personal data. A number of Burning Tree’s partners have developed innovative technologies and use cases in this area that are already being implemented commercially.

How does the European market for security solutions compare to others? How do you help firms grow their market share in Europe more quickly?
Europe is a leader in security consulting services, with innovative solutions seen across organisations, whether they are based in financial services, manufacturing or retail. After North America, malicious actors target Europe more than any other geographical region, driving the need for better security controls.

Many of our partners in this space are innovative emerging technology companies based outside of Europe that want to use Burning Tree’s extensive network and wide range of experience to grow their market share across Europe. As such, we often present regular briefings and talks at industry events alongside our partners in order to increase their exposure.

*This article was originally published in the Summer 2018 edition of European CEO magazine.