Posted on Jun 29, 2017
Diamond Cyber Security was founded on the belief that robust cyber security can be delivered intelligently to all sectors of industry, at all scales, more effectively than traditional vendors, and at a fraction of the cost currently being offered through auditing and compliance firms.
This belief is built upon decades of experience fighting against complex and dynamic threats.
Taking a first principles approach to the emerging cyber problem reveals insights into the strategy required to mitigate the problem.
We say mitigate, because it is impossible to defeat an adaptive threat.
And cyber is an adaptive threat problem.
Lessons that were hard learned have taught us that you cannot defeat adaptive threats, every action creates a reaction and it’s never ending. So what do we do? We disrupt adaptive threats.
If you attempt to defeat an adaptive threat you make two mistakes. Firstly, you waste money. You over-invest. You seek an expensive silver bullet that any number of vendors are willing to sell you. The threat adapts and your expensive decision leaves you exposed.
Secondly, you begin to convince yourself that the threat can't be defeated so why bother. You are damned if you do and damned if you don’t. You have lost from the outset and become the low-hanging fruit. A soft target.
Solving the problem requires a disruptive strategy. A disruptive strategy must have the following attributes:
- It must be affordable and efficient. You need the greatest effect for the lowest cost. Because it's going to be a continuous or ongoing strategy.
- It must create effective defenses in depth, and those defences need to adapt. A dynamic threat demands a dynamic defense.
Our solutions are intelligent. They are planned and tailored to your environment. They are built around a unique understanding of dynamic threat problems. By design, you defence is prioritised, and therefore less expensive and more effective than silver bullets or a static compliance-based methodology.
Our strategy is not a risk-assessment. A risk assessment occurs during the strategy design and is validated after. This is another common and expensive error from practitioners who are struggling to make conventional risk management models effective and affordable in a dynamic threat environment.
Our experience on and off the battlefield gives us an unprecedented ability to understand the cyber threat landscape. We understand information security. We understand risk management. We understand dynamic threats. And we understand technical solutions.
Our strategy demands efficiency. Efficiency equates to lower costs and improved outcomes for our clients.