July 21, 2014 By Martin Borrett 4 min read

Cybersecurity is center stage in the world today, thanks to almost continuous revelations about incidents and breaches. In this context of unpredictability and insecurity, organizations are redefining their approach to security, trying to find the balance between risk, innovation and cost. At the same time, the field of cybersecurity is undergoing many dramatic changes, demanding that organizations embrace new practices and skill sets.

This 80-page book discusses the cyber security landscape, helping organizations with what they should be doing to combat cyber-attacks. Download a free copy of this ebook to learn:

  • Expert opinions on staying ahead in the cyber security game.
  • Methods for combating BYOD security issues.
  • The importance of including security at the design stage.

Cyber security risk is now squarely a business risk – dropping the ball on security can threaten an organization’s future – yet many organizations continue to manage and understand cyber security in the context of the IT department. This has to change.

Technology is continuously changing and there is no recent shift larger than the explosion of mobile device usage. People bringing their own devices to work is an unstoppable wave engulfing organizations, regardless of policy. The demand for BYOD is surging, but it poses serious challenges for how security is managed, both in terms of technology as well as process and policy. These mobile devices seem to be the antithesis of everything security professionals have been trying to do to keep things secure: they are mobile, rich in data, easy to lose and connected to all kinds of systems with insufficient security measures embedded.

Technology also brings opportunities: for example, big data offers the promise of new insights that enable a more proactive security approach, provided organizations can employ the people who actually understand this new technology.

Most of the focus in state-of-the-art security is on people and their behavior. It is commonly understood that, with enough determination and skill, a persistent attacker will eventually be able to break any defense. Making this process difficult every step of the way nevertheless lowers risk: it increases the time in which organizations can respond to incidents and improves their ability to intercept them before the impact becomes substantive. In order to do security right, it has to be made part of the most elementary fiber of the organization, both in technology – including security as part of the design – as well as in behavior – giving people secure options that they prefer over less secure ones. Simply using fear as a tool to motivate people is going blunt very rapidly.

Download your Free Copy of ‘Staying Ahead of the Cybersecurity Game’

The Game Is On

Sending an email, making a bank transfer, ordering something online or booking your flight directly on your mobile has never been as easy and fast as it is today. About 50 billion devices will be connected to the Internet in 2020, most of them barely protected, a fact that implies as many potential doors for hackers to intrude into our devices, our companies, our homes and personal lives.

Today, the increase in networking and connectivity enables our organizations to become more efficient, more productive and better informed. Data and information access are key assets for every individual, every company and every state. Thus, information technology has become vital for decision-making. It allows process optimization and industrialization of anything ranging from railway track switching to air traffic control, and from gas and electricity distribution to chlorinating our water supply. However, the current, ever-increasing adoption of digital technology has been accompanied by a lack of understanding of the consequential stakes, especially among the younger generations: “We don’t care how it works, as long as it works.” Therefore, we have become vulnerable.

At first, computer hacking was a game, a playful hobby for a few curious, skilled people. As the Internet evolved, these skills became a political or ideological tool in the hands of hacktivist groups who perceived their activity as a legitimate form of social protest. Equally disturbing is the criminal use of networks and technologies, with many organizations seeing literally billions of events every day, plenty of which include significant security threats targeting customer data, intellectual property and confidential data. Cyber espionage, targeted against both government and industry, has become a common practice.

The borders between all of these security threats are fuzzy, in part due to the design and topology of cyberspace: the boundaries between thief, spy and activist are a lot less clear than in real life. And though there are some regulations that rule the web, a large grey area still remains where well-organized attackers can operate with seeming impunity. Cyberspace provides the perfect cover, making these actors very hard to detect and identify. Further, the complexity of cyber attacks makes it even more confusing. There are no flags, no uniforms and no established, understood rules of engagement.

A piece of malware, a Trojan or a worm could remain dormant in an IT system for months before being detected, meanwhile tapping into your information. Each night, thousands of gigabytes of technological and strategic data are stolen from thousands of computers of our Western companies. A cyber attack can cause significant damage at a very large scale, for long periods of time and at low cost.

Finally, a cyber attack is usually not claimed, as stealth and anonymity are clear benefits of choosing to operate on the Internet. Identifying the guilty remains highly complex and depends on a few characteristics such as concordant items of evidence, the language used, the names of commands and so forth. One of the main issues of cyber incidents is the breach of trust in our IT systems. Attempts have even been made to compromise SCADA systems, and the impact of these threats carries serious potential consequences. Already the “simple” hacking of a bank, the social security system or any other strategic infrastructure or service would cause a huge breach of trust from consumers, users and citizens. Taking into account our ever-increasing use of technology, amounting to technology dependence in every aspect of our economic and social environment, our world is far more vulnerable than we might think. The threat of a global breach of trust requires constant diligence and awareness in order to be mitigated and ideally prevented.

This urgently calls for Staying Ahead in the Cybersecurity Game. For now, these threats cannot be suppressed but we can contain them. We must keep playing this chess-like game and balance it in our favor. I hope this book, which I am glad to have coproduced with our trusted partner, IBM, offers you both an increased appreciation of these issues as well as ideas to help you stay ahead of the threats facing your organization. In the face of this challenge, it is critical that we combine forces, not only between service providers but also public authorities, in order to keep up and always be one step ahead!
