“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”
- Stéphane Nappo
Global Chief Information Security Officer & Board Advisor, Société Générale IBFS
Truer words have never been spoken, considering how 62 percent of global CEOs worry cyber threats will affect their business’ growth prospects.
This chart shouts out the global sentiment on cybersecurity. with equity investments in Israel (the hub for cybersecurity innovation) supercharging themselves in 2018.
With worldwide spending forecasted to reach $133.7 billion in 2022, cybersecurity issues are becoming an everyday struggle for businesses.
The unfortunate truth is, only 5 percent of companies’ folders are properly protected. To reduce digital attacks, organizations must know their assets, identify vulnerabilities, and recognize potential threats. Sounds easy, right?
Complications arise when cybersecurity goes beyond the scope of technology. Businesses need to bring people, processes, and technology together in a consistent security framework.
Impact of 5G and IoT on Cybersecurity
There’s a lot going on, with the potential to make our digital ecosystems a lot more complex.
5G wireless networks are becoming more widespread and the current IPv4 system is exhausting the four billion available IP addresses. The next-gen IPv6 protocol will ensure the availability of new IP addresses, and promote the continued innovation and expansion of Internet technology. IP addresses can be assigned to more devices and computer-aided programs. Thus, everything from heart monitors to security cameras will eventually be computer-enabled.
A Verizon survey revealed how enterprises are already experiencing a surge in cyberthreat exposure because of IoT.
It’s a problem – here’s why
While this promises amazing gains and capabilities across homes and industries, it will provide cybercriminals more points of entry into a software network or environment. The emergence of mobile and IoT devices further complicates the defence landscape.
Despite all data soon becoming centralized, we still lack the tools to control who accesses the data. Thus, the possibility of data exposure increases.
The best defence is government-mandated standards for Internet-connected devices. This will ensure all devices meet safety standards and are regularly updated to address newfound vulnerabilities. A VPN may also prevent devices from exposing sensitive data.
Why Does Big Data Matter?
51.7 percent of the world’s population is online. Most of the user data is collected by companies, resulting in privacy and security concerns. Entrepreneurs are constantly seeking ways to keep sensitive business data out of the reach of hackers. And big data analytics helps in this regard.
The combination of big data analytics and machine learning helps businesses thoroughly analyse the collected information and scope out potential threats to the company’s integrity. These tools operate in real-time and produce security alerts for quicker detection and mitigation of digital breaches.
Analysis of historical data
This helps predict potential attacks and develop baselines based on statistical information that brings to light a variation to the norm. Businesses use risk assessment and quantitative predictions to devise counterattack measures. The analysis of historical data also helps organizations create statistical models and AI-based algorithms.
Monitor and Automate Workflows
34 percent of data breaches are internal. Big data analytics reduce inside threats considerably by monitoring and automating workflows.
- Limit access to sensitive details only to authorized employees
- Work with human resources to supply authorized staff with different login details depending on their business responsibility
Facilitate timely submission of suspicious events to managed security services for additional analysis. The automation aspect allows the system to respond to malware attacks and other detected threats.
Deploy Intrusion Detection System
Together with system events, logs, and network flows, big data analytics can discover suspicious activities and irregularities. The increasing sophistication of digital breaches makes intrusion detection systems like network intrusion detection system (NIDS) extremely lucrative.
Focus on Data Security Laws
Earlier, state and local governments played no role in protecting the identity and data of citizens. All this changed when GDPR came into effect in 2018. Consumers were no longer on their own in cyberspace.
Businesses have a love/hate relationship with GDPR. Companies that take risk and compliance and governance seriously can designate officers or outside firms to advise on regulations once they become available to the public. They are likely to comply and possess the human resources to do so.
But companies that play catch-up with compliance may be put off by the fines and penalties like consumer lawsuits. In fact, this is enough to force small businesses to shut down.
However, the importance of complying to GDPR should not be overlooked. The law has served as a much-needed shot in the arm to lackadaisical cybersecurity measures.
Why?
Because the future of cybersecurity will be shaped by the targets of hackers and other malicious entities. Of particular importance are wealth and healthcare. Sensitive payment information and private healthcare-related data are a goldmine for cybercriminals. These are the categories that are presently ripe targets for hackers and the situation will become more critical in the future.
The EU’s GDPR is a direct response from the government and regulators to try and mitigate these threats.
AI Attacks on the Rise
Cybercriminals find chinks in existing security setups and adapt quickly to new defence strategies. They deploy malicious algorithms that learn and improve constantly to evade detection. Thus, traditional approaches to defence will fall short against emerging AI attacks. TaskRabbit was compromised in 2018 compromising 3.75 million users, but investigators could not trace the hack.
The solution?
If you want to beat hackers at their own game, start thinking like one. Sam Tilston, the CEO of Awesome Resources, says it best, “When the attacks change we need to change our defences, otherwise we are fighting and losing the last digital war and not the next one”.
Reject a static way of thinking. Stop viewing protection from the angle of the defender and learn to anticipate, instead of being reactionary.
A robust security strategy will recognize that cybercriminals:
- Pick targets who they believe are weak for easy financial gain
- Disseminate malicious code as widely as possible through automated systems
- Update hacking methods in line with wider developments in software and technology
The logical answer is AI-powered immune systems. These technologies self-learn your business’ DNA to distinguish between ‘self’ and ‘not self’. They identify the subtlest threats in real-time, taking precise, autonomous action to stop an attack from doing any real damage.
Contrary to traditional security tools that become obsolete in the face of sophisticated AI attacks, an always-on, evolving defence system gives your company a fighting chance.
Cambridge-based Darktrace, for example, uses AI and its proprietary Autonomous Response technology to defend companies against cyber threats. Modeled after the human immune system, the self-learning AI protects more than 3,000 organizations against insider threats, zero-day malware, long-term infrastructure vulnerabilities, industrial espionage, supply chain risk, IoT compromises, and data loss.
Concluding Remarks
Think of the Internet as the Wild West without police and sheriffs to protect businesses against malicious entities. Businesses must depend on themselves and the private sector for incident response, forensics and investigation, and resolving cases.
This means standard cybersecurity practices need to change. Law enforcement is slowly catching up and companies are implementing stricter, smarter cybersecurity measures. The day isn’t far when companies can dial 9-9-9 and report digital crimes.