Business Solutions Vol 5 Issue 1

Recommendations

Info

Deciphering the puzzling future of data security From hackers to unencrypted smartphones and the spectre of full-scale cyber warfare, the future of data security is set to be a complex one that will affect us all. What is the future of data security? The question is both naïve and unfathomable. Asking the question in the first place means being ignorant of the reality that the battle between victims and those who threaten us is a neverending one. There will never be a full stop. The World Economic Forum named cyberattacks one of the greatest threats to businesses and ranked it as a risk higher than terrorist attacks, explained Theresa Payton, who was CIO for the White House during the Bush administration from 2006 to 2008 and is now one of America’s leading cybersecurity experts and CEO of Fortalice <strong>Solutions</strong>. “The world’s leaders know that attacks on private sector companies will damage a country’s economic wellbeing,” she said. In February 2016, US president Barack Obama gained Capitol Hill support for a budget increase of $5bn in additional cybersecurity spending. This brings the cybersecurity budget to $19bn in 2017 for the US government. “President Obama said that data breaches and cybercrime are, ‘among the most urgent dangers to America’s economic and national security’,” explained Payton. Backdoors are bad ideas. Weakening encryption is an old-school argument and I’m not sure that’s even what the FBI wants’ Theresa Payton, Former White House CIO. “Up until recently, most data Theresa Payton, former breaches did not result in a long-term White House CIO and CEO financial impact on the victim. Once of Fortalice <strong>Solutions</strong> the victim cleaned up the breach and accounted for expenses, usually stock prices or market reputation returned to previous levels. The status quo will change and the financial impact going forward is very real and morphing with today’s threats,” she warned. Payton cited IBM’s latest study, which revealed the average cost of a breach rose to $3.8m in 2015. A recent study by SkyHigh Networks asked companies if they would pay cybercriminals in the event of a ransomware attack and almost 25pc said yes, and 14pc of those said they would pay more than $1m to get their data back. Under constant threat Terry Greer-King, the director of cybersecurity at Cisco UK and Ireland, revealed that there are 3bn Google searches daily and 19.7bn threats detected in the wild every day. The tech sector is trying to pare down the current industry benchmark for threat detection but, at the moment, the bad guys have an average of 100 days to do their worst before a threat is discovered. Considering that the world in 2030 may have 500bn connected devices through the evolution of the internet of things (IoT), the threats are only going to skyrocket. “We are now in the realm of shadow IT where the internet and devices from fridges to phones and thermostats are all connected to clouds of clouds, and organisations don’t know what apps employees are downloading, and businesses are buying services without talking to IT,” said Greer-King. “The truth is IT can’t control any bit of technology anymore.” Paraphrasing Cisco chairman John Chambers, Greer-King added: “There are only two organisations in the world today: those that have been hacked and those that don’t know they’ve been hacked.” ‘There are only two organisations in the world today: those that have been hacked and those that don’t know they’ve been hacked’ – TERRY GREER-KING, CISCO According to Cisco’s Annual Security Report for 2016, cyberattacks continue Terry Greer-King, Cisco’s to be a profitable business for cybercriminals, who are refining the way security. European expert on IT they attack back-end infrastructure. Last year, Cisco, with the help of Level 3 Threat Research and Limestone Networks, identified the largest Angler exploit kit operation in the US, which targeted 90,000 victims every day and generated tens of millions of dollars a year by demanding ransoms off victims. Cisco estimates that, currently, 9,515 users in the US are paying ransoms every month, amounting to an annual revenue of $34m for certain cybercrime gangs. The public face of a breach Greer-King explained that 60pc of the “bad stuff” occurs within the first few hours of an attack happening, when the cyber-thieves gain access to a company system and accounts get stolen or compromised. But remember, the industry average for detecting a breach is 100 days, long after this damage has been done. At the rate at which attacks are accelerating, it is going to be a case of when, and not if, an organisation’s capacity for crisis management will be tested. How an organisation reacts in the first 48 hours of detecting an attack or breach will be revealing, not only for customers, but employees and shareholders alike. “It is like that old military analogy: even the best-laid plans fall apart after the first five minutes of contact. Cool heads are important and, unless people are tested and attacks are simulated, you will never know what is going to happen in the heat of the moment,” said Kris McConkey, PwC’s partner-incharge of cybersecurity. 8 VOL 5 ISSUE 1
It is like that old military analogy, even the best-laid plans fall apart after the first five minutes of contact’ – KRIS MCCONKEY, PWC Evidently, the march of technology is creating chaos for CIOs and CSOs to keep on top of, but the narrative is Kris McConkey, partner-incharge of cybersecurity, changing. CEOs and boards are now the fall guys rather than IT professionals. PwC McConkey posited that cyberattacks are now a boardroom issue, citing the high-profile attack on Talk Talk’s servers last year. “In the UK, breaches like [the Talk Talk breach] have seen the CEOs of companies suddenly propelled onto [current affairs show] Newsnight and radio shows,” said McConkey. “This was a seminal moment because it made boards realise that breaches are no longer something that can be offloaded to the chief security officer, but it is actually the boards themselves that are on the spot when things can go wrong.” You are the weakest link Ultimately, the triggers for the biggest attacks and vulnerabilities are people. No matter what elaborate security defences are put in place, Accenture’s Bill Phelps explained that it is people – AKA the ‘wet firewall’ – who let the intruders in. “There were con artists long before technology was ever on the scene,” said the managing director and global lead for Accenture Security, who tracks a natural evolution from this to the infamous emails from Nigerian royalty and, today on social media, where users try to persuade others to transfer money. “Today, we are seeing mid-level executives being conned into allowing the bad people in using phishing attacks.” ‘100pc defence is impossible, but it is good to constantly test yourself against mock adversaries’ – BILL PHELPS, ACCENTURE Even senior US government officials who ought to have been at the pinnacle Bill Phelps, managing of awareness and protection – such as director and global lead for the head of the CIA, John Brennan – Accenture Security. were compromised and embarrassed by amateur hackers. Individuals, as well as businesses, need to be street smart, but also realise they can’t protect everything. “The battle space is so vast and takes in every person and organisation,” said Phelps.“There are criminal gangs out to steal your information or credit card numbers. Organisations are staving off industrial espionage and front-running trading. There are attacks on banks just to understand M&A activity, and all of this is very specialised.” And yet, all of the sophisticated defences in the world can still be undermined by a human weakness, like falling prey to a spear-phishing attack. “It is an asymmetrical problem in which the defender has to close every loophole, but the attacker has to only find one way in. 100pc defence is impossible, but it is good to constantly test yourself against mock adversaries.” The devil is in the data Mark Hughes, president of BT Security, said he believes organisations need to prioritise what it is they are trying to defend rather than locking down everything. He warned that the era of security beyond the firewall will require granular controls and privileges that define who can do what with the data and where they can go with it. “We are at a juncture where there is only a nuanced understanding of the differences between sophisticated and unsophisticated attacks,” he said. “Organisations are often so busy trying to protect against mainstream, everyday malicious activity that they are unprepared for the more sophisticated targeted attacks.” ‘Organisations are often so busy trying to protect against mainstream, everyday malicious activity that they are unprepared for the more sophisticated targeted attacks’ – MARK HUGHES, BT SECURITY The head of enterprise at Dropbox, Mark Hughes, president, BT Ross Piper, is responsible for driving the Security. US company’s growth in the enterprise market, building on its presence in 97pc of Fortune 500 companies. Like Hughes, he believes the perimeter is no longer the defensible part of the network. It’s all about the data. Cloud services like Dropbox allow everyone from small teams of creators right up to thousands of individuals in a corporation to collaborate and share data on any device. In the past, this would have given a CEO or CIO a heart attack, but the productivity benefits and the inherent security to protect data in the cloud have evolved in ways that could frustrate attackers. ‘This is a precursor to a fundamental shift in security models that we’ve been talking about for decades but which is finally coming to fruition’ – ROSS PIPER, DROPBOX “If you take a 400MB video as an example. What we do when a user Ross Piper, head of saves that into Dropbox is we actually enterprise at Dropbox. break that into a hundred 4MB file blocks. Each of those file blocks is individually encrypted. They are stored at random within the storage service with 1bn new files per day. Imagine 1bn files – that’s well more than 10bn file blocks,” Piper explained. To illicitly access a specific file on this service, a hacker would have to get through the encryption tunnels, find the right 100 4MB blocks amongst tens of millions of file blocks saved that day, and individually unencrypt each one of them. This intelligent breaking up and sequencing of blocks of data represents the future of security in the cloud. “This is a precursor to a fundamental shift in security models that we’ve been talking about for decades but which is finally coming to fruition,” said Piper. Protection vs privacy It’s not just the growth of data that concerns security professionals and consumers, but the growth of datacollecting devices. “More devices will simply mean more ways to attack. Nothing is going to be safe,” said Cisco’s Greer- King. “There will be sensors everywhere to collect data, connect cities and ultimately change the way the world operates. But not every data point, not every sensor, will have a firewall.” With the advent of IoT and machine-to-machine (M2M) technology, threats against seemingly harmless consumer and industrial devices are already accelerating. According to PwC, the number of attacks on embedded IoT devices among companies it surveyed increased 152pc in 2015, yet only 36pc of these companies had a security strategy for IoT. VOL 5 ISSUE 1 9
Page 1 and 2: Vol 5 Issue 1 ISO27001 Event Guide
Page 3 and 4: C ONTENTS -5- Ward Solutions Predic
Page 5 and 6: Data breach four-times worse than C
Page 7 and 8: Ward Solutions predicts €1.2M rev
Page 9: Atlantic Bridge Capital confirms a
Page 13 and 14: 5 tips to help protect your busines
Page 18 and 19: EXHIBITOR DIRECTORY SPONSORED BY Ar
Page 20: EXHIBITOR DIRECTORY SPONSORED BY MM
Page 23 and 24: Staying In Business Setting the Sce
Page 25 and 26: AdaptiveMobile estimates up to 80%
Page 27 and 28: information on how best to do this.
Page 29 and 30: New FCC rules could require ISPs to
Page 31 and 32: Data Solutions announces 20 jobs an
Page 33 and 34: 3 issues defining data protection i
Page 35: Fastest-ever data transfer clocked

Business Solutions Vol 5 Issue 1

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?