Business Solutions Vol 5 Issue 1
Deciphering the puzzling future of data security
From hackers to unencrypted smartphones and the spectre of full-scale cyber warfare, the future of data security is set to be a complex one that will affect us all.
What is the future of data security?
The question is both naïve and unfathomable. Asking the question in the first place means being ignorant of the reality that the battle between victims and those who threaten us is a never-ending one. There will never be a full stop.
The World Economic Forum named cyberattacks one of the greatest threats to businesses and ranked them as a risk higher than terrorist attacks, explained Theresa Payton, who was CIO for the White House during the Bush administration from 2006 to 2008 and is now one of America’s leading cybersecurity experts and CEO of Fortalice Solutions. “The world’s leaders know that attacks on private sector companies will damage a country’s economic wellbeing,” she said.
In February 2016, US president Barack Obama gained Capitol Hill support for a budget increase of $5bn in additional cybersecurity spending. This brings the cybersecurity budget to $19bn in 2017 for the US government. “President Obama said that data breaches and cybercrime are, ‘among the most urgent dangers to America’s economic and national security’,” explained Payton.
‘Backdoors are bad ideas. Weakening encryption is an old-school argument and I’m not sure that’s even what the FBI wants’
Theresa Payton, Former White House CIO.
[Image caption: Theresa Payton, former White House CIO and CEO of Fortalice Solutions]
“Up until recently, most data breaches did not result in a long-term financial impact on the victim. Once the victim cleaned up the breach and accounted for expenses, usually stock prices or market reputation returned to previous levels. The status quo will change and the financial impact going forward is very real and morphing with today’s threats,” she warned.
Payton cited IBM’s latest study, which revealed the average cost of a breach rose to $3.8m in 2015. A recent study by SkyHigh Networks asked companies if they would pay cybercriminals in the event of a ransomware attack and almost 25pc said yes, and 14pc of those said they would pay more than $1m to get their data back.
Under constant threat
Terry Greer-King, the director of cybersecurity at Cisco UK and Ireland, revealed that there are 3bn Google searches daily and 19.7bn threats detected in the wild every day. The tech sector is trying to pare down the current industry benchmark for threat detection but, at the moment, the bad guys have an average of 100 days to do their worst before a threat is discovered. Considering that the world in 2030 may have 500bn connected devices through the evolution of the internet of things (IoT), the threats are only going to skyrocket.
“We are now in the realm of shadow IT where the internet and devices from fridges to phones and thermostats are all connected to clouds of clouds, and organisations don’t know what apps employees are downloading, and businesses are buying services without talking to IT,” said Greer-King. “The truth is IT can’t control any bit of technology anymore.”
Paraphrasing Cisco chairman John Chambers, Greer-King added: “There are only two organisations in the world today: those that have been hacked and those that don’t know they’ve been hacked.”
[Image caption: Terry Greer-King, Cisco’s European expert on IT security.]
According to Cisco’s Annual Security Report for 2016, cyberattacks continue to be a profitable business for cybercriminals, who are refining the way they attack back-end infrastructure. Last year, Cisco, with the help of Level 3 Threat Research and Limestone Networks, identified the largest Angler exploit kit operation in the US, which targeted 90,000 victims every day and generated tens of millions of dollars a year by demanding ransoms from victims. Cisco estimates that, currently, 9,515 users in the US are paying ransoms every month, amounting to an annual revenue of $34m for certain cybercrime gangs.
The public face of a breach
Greer-King explained that 60pc of the “bad stuff” occurs within the first few hours of an attack happening, when the cyber-thieves gain access to a company system and accounts get stolen or compromised. But remember, the industry average for detecting a breach is 100 days, long after this damage has been done.
At the rate at which attacks are accelerating, it is going to be a case of when, and not if, an organisation’s capacity for crisis management will be tested. How an organisation reacts in the first 48 hours of detecting an attack or breach will be revealing, not only for customers, but employees and shareholders alike.
“It is like that old military analogy: even the best-laid plans fall apart after the first five minutes of contact. Cool heads are important and, unless people are tested and attacks are simulated, you will never know what is going to happen in the heat of the moment,” said Kris McConkey, PwC’s partner-in-charge of cybersecurity.