Also co-authored by Luisa Colucci, Lucia Cozzolino, Silvia Peschiera, Emilia Cozzolino and Vita Santa Barletta.

European Cyber Security Month (ECSM), celebrated every year in October, is a European Union (EU) advocacy campaign designed to promote security awareness among citizens.

ECSM has continued to grow since its inception in 2012. The 2018 agenda featured more than 350 events and activities across all EU member countries. ECSM’s schedule also included a rich series of conferences, training sessions, videos, webinars, demonstrations and more, giving eager participants many opportunities to get involved and learn more about security.

The contributors of this article participated in many events and collected many questions about the cybersecurity industry from other attendees. This article gathers those frequent questions, whose answers initially seemed obvious and straightforward, but were very quickly unveiled to more complicated than we previously thought.

Is Cybersecurity a Challenge or an Opportunity?

For people working in the industry, cybersecurity is an opportunity. This may not be the answer people expect, but being direct is important, and the reality is that cybersecurity drives a multibillion-dollar market. Today, the cybersecurity industry is absorbing a lot of talent, and a lot more will be requested in the future. Let’s start with the challenges.

The first challenge organizations face is the need for growth. Enterprises must adopt new technologies or they will be left behind. It is not just about being more profitable. If healthcare devices that are inserted into the body required a medical inquiry for tuning yesterday, today this can be done without a medical inquiry as the medical device can be controlled with WiFi — but it can also be hacked. Therefore, threats impact growth. Compliance also impacts growth. In fact, if compliance is about the execution of security controls necessary to mitigate the possibility of an attack, if there is a penalty associated with the compliance, the penalty has an impact on the financials of an enterprise.

The second element to consider is that enterprises have invested a lot in different technologies and processes, but have not spent enough integrating them. Processes are actually less integrated than products. For example, security information and event management (SIEM) is rarely integrated with vulnerability management or patch management, and misconfiguration actually continues to be one of the major vectors for data breaches.

Another challenge is the ever-growing mass of operational technology (OT) and Internet of Things (IoT) devices connected to network infrastructure. The adoption of IT practices related to these devices is a good thing, but it is not always as straightforward as one might imagine because processes are totally different and vary from one industry to another. For example, if something goes wrong on a train, the train stops. However, if something goes wrong on a plane, you cannot just stop it midflight. In addition, we are exposed to highly sophisticated malware agencies that can develop phishing campaigns and malware, control devices and recycle cryptocurrencies.

Moving to the opportunities, many tend to think that the cybercriminal population is different than the traditional criminal population, but this is not true. Because of the cyberworld, criminals have just been moved into the cyberspace, leaving the overall entropy unchanged with the difference that in the real world, the perfect crime is possible. In the cyber world, threat actors always leave something behind — a trace. We need technologies that can help us find those traces among billions of unstructured records. Artificial Intelligence (AI) can help with such a task. Finally, criminals also use the cyber world. This is a great opportunity to use the same investigation techniques developed in cybersecurity to stop the more old-fashioned and traditional criminals.

Who Are the Bad Guys?

We cannot always claim that those who work on the defensive side are good, and those who work on the attacking side are bad. This would be like saying that those who carry a gun are inherently bad — it is not as simple as one might think. We actually need to consider two elements. The first is that many increasingly think cybersecurity is something that has an intrinsic value, and that someone else can take care of it. For example, if we develop a camera with a traditional operating system where a password is stored on the firmware, we would tend to think that someone else will secure the password.

The second is the belief that what happens in the cyber world is only real when the benefits are perceived. But when things go wrong, then it is bad. In the real world, if a door is open, we do not enter unless we are either invited or authorized to do so. The same should happen in the cyber world. Instead of trying to work out who is bad or who is good, we should increase security awareness and start thinking that what happens in the cyber world is serious and real, and could lead to dramatic situations with serious consequences.

Does Compliance Help?

Compliance helps if it is a continuous process and if we believe in the security controls we have been forced to implement. If it is just a moment to pass the audit, this does not help. Like most security controls, compliance requires a periodic execution of set controls. Systems and applications are administered by humans, and humans make mistakes. Yet new vulnerabilities are discovered every day. What seems secure today may not be secure tomorrow. The only solution to this ever-changing landscape is the periodic execution of a strong set of controls.

How Much Should We Invest in Cybersecurity?

Usually, investment is based on the value of the business and the assets. Today, IoT adoption is creating a definite shift because the IoT provides threat actors with millions of devices — with no substantial revenue/cost impact — that they can use to launch an attack. Therefore, when we introduce a device into our network architecture, we must protect it and protect ourselves from it during the entire life cycle. This is something we should highly consider while building a secure ecosystem. The cybersecurity has an intrinsic value, but we should all work toward keeping a safe environment and improving security awareness, and we cannot assume that someone else will take care of it.

What Happens When You Are Breached?

Beyond the fines and penalties, the loss of customer trust is arguably the greatest damage that will result from a cyberattack. Customers do not really care about the money enterprises spend on security; all they care about is the fact that a company lost their data. The scariest thing is that today’s cybercriminals are real, advanced and persistent, so once they gain a foothold, they have access to your infrastructure and they will take every possible step to ensure they will continue to have access. Therefore, if you stop an attack, do not assume you are in the clear. You should always assume that attackers are inside your network, even if you have not yet discovered what they are after.


More from CISO

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

What’s new in the 2023 Cost of a Data Breach report

3 min read - Data breach costs continue to grow, according to new research, reaching a record-high global average of $4.45 million, representing a 15% increase over three years. Costs in the healthcare industry continued to top the charts, as the most expensive industry for the 13th year in a row. Yet as breach costs continue to climb, the research points to new opportunities for containing breach costs. The research, conducted independently by Ponemon Institute and analyzed and published by IBM Security, constitutes the…

Cyber leaders: Stop being your own worst career enemy. Here’s how.

24 min read - Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. We’ve been beating the cyber talent shortage drum for a while now, and with good reason. The vacancy numbers are staggering, with some in the industry reporting as many as 3.5 million unfilled positions as of April 2023 and projecting the disparity between supply and demand will remain until 2025. Perhaps one of the best (and arguably only) ways we can realistically bridge this gap is to…

Poor communication during a data breach can cost you — Here’s how to avoid it

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…