"Towards a Resilient and Robust Cyber Security"
The growing number of security breaches and the recent wave of cyber-attacks on government as well as industry sectors such as banking, retail, healthcare and utilities have once again emphasized the need to collaborate and work together as an industry to deal with unknown and unseen attacks. Most organizations are unprepared to detect, respond to or recover from a sophisticated attack.
The new age of technology innovation and disruption is beyond anyone’s imagination. Technology has changed the way businesses, individuals and governments interact with each other, and it has a big impact on the way of life. The adoption of technology by individuals as well as organizations will create a world economy worth trillions of dollars, forcing organizations to take up digital transformation as a key initiative to keep up with competition and stay profitable.
Digital transformation requires an adequate understanding of the risks that come with these initiatives, which most fail to see either due to ignorance or lack of understanding. While most organizations are still struggling to deal with yesterday’s technology-related security problems, they are unaware of the new set of problems at their doors that are part of current digital initiatives.
It is important to understand the critical impact of cyber-attacks and breaches at both the social and the business level as digitalization increases. These attacks can become a concern for online business and the digital economy as customers lose trust and confidence in these business models and service offerings.
“Many leaders in business, civil society and government realize that for the world’s economy to fully derive the value inherent in technological innovation, a robust, coordinated system of global cyber resilience is essential to effectively mitigate the risk of cyberattacks.” - Risk and Responsibility in a Hyperconnected World by World Economic Forum & McKinsey
The conventional security controls in use are outdated and are useless against sophisticated and advanced malware and zero-day exploits that use vulnerabilities inside the enterprise to move laterally among computers on the network and capture the credentials of people and privileged users within the enterprise. Some of the recent attacks have indicated the sophisticated capability of adversaries, who have managed to penetrate even some of the most well-protected networks by gaining a deeper understanding of the core internal systems and processes through a lot of dedicated effort, and by collaborating with other adversaries to exchange information and exploits, working as an organized crime industry.
How do we address this issue of digitalization risks?
Security technologies are always the first line of defense. However, the people and processes behind them play a vital role. The lack of skill sets and the scarcity of security professionals globally are creating a more serious challenge to the industry. As businesses rush to embrace the digitalization era, the adoption of IoT and other intelligent devices exposes organizations and individuals to new risks where the impact and consequences are unimaginable.
One of the key activities to succeed in fighting against adversaries is to have sufficient information and intelligence to recognize an attack and respond to it on a timely basis.
Another naïve, but sadly common, method of advancing cybersecurity science is uninformed and untested guessing. We guess what users want tools to do. We guess about what to buy and how to deploy cybersecurity solutions. Guessing is uninformed and ineffective, and while it may appear to advance security, it often fails miserably. There are new ways or techniques such as Moving Target Defense, which states that controlling change across multiple system dimensions increases uncertainty and complexity for attackers.
I strongly believe that increased collaboration in the cyber security industry could improve cyber security and resilience while addressing various policy issues. This collaboration could also be extended to business, academia, and public leaders to progress further towards cyber-resiliency.