Cybersecurity Challenges In The Digital World

 

 

"Towards a Resilient and Robust Cyber Security"

 

The growing number of security breaches and the recent wave of cyber-attacks on government as well as industry sectors such as banking, retail, healthcare and utilities have once again emphasized the need to collaborate and work together as an industry to deal with unknown and unseen attacks. Most organizations are unprepared to detect, respond to or recover from a sophisticated attack.

 

The new age of technology innovation and disruption is beyond anyone’s imagination. Technology has changed the way businesses, individuals and governments interact with each other, and it has a big impact on the way of life. The adoption of technology by individuals as well as organizations will create a world economy worth trillions of dollars, forcing organizations to take up digital transformation as a key initiative to keep up with competition and stay profitable.

 

Digital transformation requires an adequate understanding of the risks that come with these initiatives, which most fail to see due to either ignorance or lack of understanding. While most organizations are still struggling to deal with yesterday’s technology-related security problems, they are unaware of the new set of problems at their doors that are part of current digital initiatives.

 

It is important to understand the critical impact of cyber-attacks and breaches at both the social and the business level as digitalization increases. These attacks can become a concern for online business and the digital economy as customers lose trust and confidence in these business models and service offerings.

“Many leaders in business, civil society and government realize that for the world’s economy to fully derive the value inherent in technological innovation, a robust, coordinated system of global cyber resilience is essential to effectively mitigate the risk of cyberattacks.” - Risk and Responsibility in a Hyperconnected World by World Economic Forum & McKinsey
 

The conventional security controls in use are outdated and useless against sophisticated, advanced malware and zero-day exploits that use vulnerabilities inside the enterprise to move laterally among computers on the network and capture the credentials of people and privileged users within the enterprise. Some of the recent attacks have shown the sophisticated capability of adversaries who have managed to penetrate even some of the most well-protected networks by gaining a deeper understanding of the core internal systems and processes through a lot of dedicated effort, and by collaborating with other adversaries to exchange information and exploits, working as an organized crime industry.

 

How do we address this issue of digitalization risks?

Security technologies are always the first line of defense. However, the people and processes behind them play a vital role. The lack of skill sets and the scarcity of security professionals globally are creating a more serious challenge for the industry. As businesses rush to embrace the digitalization era, the adoption of IoT and other intelligent devices exposes organizations and individuals to new risks where the impact and consequences are unimaginable.

One of the key activities to succeed in fighting against adversaries is to have sufficient information and intelligence to recognize an attack and respond to it on a timely basis.

 

Another naïve, but sadly common, method of advancing cybersecurity science is uninformed and untested guessing. We guess what users want tools to do. We guess about what to buy and how to deploy cybersecurity solutions. Guessing is uninformed and ineffective, and while it may appear to advance security, it often fails miserably. There are new techniques such as Moving Target Defense, which holds that controlling change across multiple system dimensions increases uncertainty and complexity for attackers.

 

I strongly believe that increased collaboration in the cyber security industry could improve cyber security and resilience while addressing various policy issues. This collaboration could also be extended to business, academia, and public leaders to progress further towards cyber-resiliency.


Human Centric - Enterprise Security Culture

The profound change in technology and its rapid adoption by global enterprises and individuals has challenged human behavior, demanding a serious change to deal with the emerging risks and safety issues associated with it. As awareness is key to any change, it requires people to learn and understand the risks and the impacts that result from their behavior.

 

In the wake of the recent increase in cyber-attacks and data thefts, we don't need to be experts to understand the seriousness and impact of these attacks, as they are already causing serious damage and never fail to become media headlines.

 

Geert Hofstede, a well-known organizational social psychologist, describes culture as “software of the mind” that allows individuals to align their thoughts, beliefs, and actions in order to solve specific problems.

While most organizations are investing millions in security technologies as their defense, they are neglecting the human aspect of security, which has proven to be the weakest link. This makes it possible for adversaries to take advantage by targeting people through social engineering, phishing and other means. Some of the recent attacks have shown us the serious impact of a small mistake such as a wrong click by a user or someone introducing external storage devices such as USB memory sticks (Stuxnet attack) into enterprise or industrial networks. These risks are not limited to organizations, as many individuals are falling victim to cyber-attacks. Some of the recent attacks involving phishing scams and ransomware have caused serious financial damage to organizations and individuals. Business email compromise, where hackers have impersonated CEOs and CFOs, has been a very effective phishing attack resulting in financial damages, and other successful attacks that include the CEOs have caused more than US$ 2.3 billion in damages.

 

“Human behavior is complex and inconsistent, making it a rich hunting ground for would-be hackers and a significant risk to the security of your organization” - Kai Roer, Build a Security Culture

All too often, security awareness is a one-time or once-a-year effort that fails to engage employees. Educating people to be more security and risk aware is challenging, and attaining that as a competence is a process, not something that can be delivered by just a lecture or presentation. Human-centric security culture requires a change in how people think, what they believe and finally how they act on it. It may also vary depending on their past experience and background.

 

Organizations of all types and sizes have to invest and engage in employee security awareness to be successful and deal with modern-day attacks and risks. Focus on SMART goals and the right metrics to plan, implement and measure security effectiveness. Security awareness should incorporate videos, online training, board briefings and other means to engage users, depending on the audience. Awareness programs can be very effective if they are customized and tailored to highlight specific risks evident in the users' business environment and keep users aware of the implications of security failure for the business and individuals.

 

Finally, a few important points for better security awareness are:

  • Identification of business specific and technology risks
  • Security Awareness Program
  • Establish Goals and Metrics
  • Identify effective awareness delivery medium
  • Delivery in multiple languages (Multilingual)
  • Understand Cultural sensitivities
  • Make awareness ongoing
  • Monitor the effectiveness