Cybersecurity is center stage in the world today, thanks to almost continuous revelations about incidents and breaches. In this context of unpredictability and insecurity, organizations are redefining their approach to security, trying to find the balance between risk, innovation and cost. At the same time, the field of cyber security is undergoing many dramatic changes, demanding organizations embrace new practices and skill sets.
This 80-page book discusses the cyber security landscape, helping organizations with what they should be doing to combat cyber-attacks. Download a free copy of this ebook to learn:
- Expert opinions on staying ahead in the cyber security game.
- Methods to take to combat BYOD security issues.
- The importance of including security at the design stage.
Cyber security risk is now squarely a business risk – dropping the ball on security can threaten an organization’s future – yet many organizations continue to manage and understand cyber security in the context of the IT department. This has to change.
Technology is continuously changing and there is no recent shift larger than the explosion of mobile device usage. People bringing their own devices to work is an unstoppable wave engulfing organizations, regardless of policy. The demand for BYOD is surging, but it poses serious challenges for how security is managed, both in terms of technology as well as process and policy. These mobile devices seem to be the antithesis of everything security professionals have been trying to do to keep things secure: they are mobile, rich in data, easy to lose and connected to all kinds of systems with insufficient security measures embedded.
Technology also brings opportunities, for example, big data offers the promise of new insights that enables a more pro-active security approach, provided organizations can employ the people who actually understand this new technology.
Most focus on state of the art security revolves around people and their behavior. It is common understanding that with enough determination and skill, a persistent attacker will eventually be able to break any defense, but making this process difficult every step of the way lowers risk and increases not only the time in which organizations can respond to incidents, but also improves the ability to intercept them before the impact becomes substantive. In order to do security right, it has to be made part of the most elementary fiber of the organization, both in technology – including security as part of the design – as well as in behavior – giving people secure options that they prefer over less secure ones. Simply using fear as a tool to motivate people is going blunt very rapidly.
The Game Is On
Sending an email, making a bank transfer, ordering something online or booking your flight directly on your mobile has never been as easy and fast as today. About 50 billion devices will be connected to the Internet in 2020, most of them barely protected, a fact that implies as many potential doors for hackers to intrude in our devices, our companies, our homes and personal lives.
Today, the increase of networking and connectivity enable our organizations to become more efficient, more productive and better informed. Data and Information access are key assets for every individual, every company and every state. Thus, Information Technology has become vital for decision-making. It allows process optimization and industrialization of anything ranging from railway track switching, to air traffic control, from gas and electricity distribution to chlorinating our water supply. However the current, ever increasing, adoption of digital technology has been accompanied with a lack of understanding of the consequential stakes, especially amongst the young generations. “We don’t care how it works, as long as it works.” Therefore, we have become vulnerable.
At first, computer hacking was a game, a playful hobby for a few curious, skilled people. As the Internet evolved, these skills became a political or ideological tool in the hands of hacktivist groups who perceived their activity as a legitimate form of social protest. Equally disturbing is the criminal use of networks and technologies, with many organizations seeing literally billions of events every day, plenty of which include significant security threats targeting customer data, intellectual property and confidential data. Cyber espionage, targeted against both government and industry, has become a common practice.
The borders between all of these security threats are fuzzy, in part due to the design and topology of cyberspace: the boundaries between thief, spy and activist are a lot less clear than in real life. And though there are some regulations that rule the web, a large grey area still remains where well-organized attackers can operate with seeming impunity. Cyberspace provides the perfect cover making these actors very hard to detect and identify. Further, the complexity of cyber attacks makes it even more confusing. There are no flags, no uniforms and no established, understood rules of engagement.
A piece of malware, Trojan or a worm could remain dormant in an IT system for months before being detected, meanwhile tapping into your information. Each night, thousands of gigabytes of technological and strategic data are stolen from thousand of computers of our Western companies. A cyber attack can cause significant damage at a very large scale, for long periods of time and at low costs.
Finally, a cyber attack is usually not claimed as stealth and anonymity are clear benefits of choosing to operate on the Internet. Identifying the guilty remains highly complex and depends on few characteristics like concordant items of evidence, the language used, the names of commands and so forth. One of the main issues of cyber incidents is the breach of trust in our IT systems. Attempts have even been made to compromise SCADA systems and the impact of these threats carry serious potential consequences. Already the “simple” hacking of a bank, the social security system or any other strategic infrastructure or service would cause a huge breach of trust from consumers, users and citizens. Taking into account our ever-increasing use of technology, amounting to technology dependence in every aspect of our economic and social environment, our world is far more vulnerable than we might think. The threat of a global breach of trust requires constant diligence and awareness in order to be mitigated and ideally prevented.
This urgently calls for Staying Ahead in the Cybersecurity Game. For now, these threats cannot be suppressed but we can contain them. We must keep playing this chess-like game and balance it in our favor. I hope this book, which I am glad to have coproduced with our trusted partner, IBM, offers you both an increased appreciation of these issues as well as ideas to help you stay ahead of the threats facing your organization. In the face of this challenge, it is critical that we combine forces, not only between service providers but also public authorities, in order to keep up and always be one step ahead!