Recently (a relative term here, since this evolution is surely counted in years), a climate of digital anxiety has settled in among professionals and individuals alike. A focus group coordinated by NewAlpha questioned the representatives of 9 companies and revealed that 77.78 per cent of executives consider IT security to be a main concern for their business. But while entrepreneurs have become increasingly aware of the issue, positive results are slow to appear. Indeed, the number of cyber attacks recorded at a global scale last year still spiked compared with 2015. Given that awareness campaigns only intensified over the course of 2016, how can we explain this contrast?
The same study showed that one-third of the respondents were quite unsure what the impact of a vulnerability on their system would be. On top of that, some failed to see why data protection is even necessary. It is the typical speech: “I have nothing to hide, we are completely transparent, etc. etc.”. Online identity theft and targeted phishing campaigns are just a few of the counter-arguments that come to mind.
So here it is: CEOs have finally taken note that there is a problem and, to our delight, they immediately respond: “Yes, we have allocated a budget to the security of our servers” and “Yes, we have indeed implemented a cybersecurity solution”. All this is going in the right direction, but the study shows a lack of precision. While 100 per cent said they are not willing to pay a ransom that is more than 10,000 Euros, it is not clear how much they have set aside for the purpose of securing their infrastructure or even what type of “cybersecurity solution” they put in place.
THE BATTLE IS NOT OVER
That being said, it would appear that awareness-raising efforts have yet to generate conscious and personalized actions.
Indeed, the repetitive discourse that we often find in the media when cybersecurity topics are at a peak has failed to put sufficient emphasis on one essential aspect: good IT security practices are merely guidelines that must be adapted by each of us, and not treated with inflexibility. What works for one business is not necessarily the optimal solution for another. We should all have the same basic ingredients, but the recipe, that is, the implementation process, may require a completely different approach according to one’s needs.
Cybersecurity experts should aspire to help company managers stop perceiving any single IT security tool as a Swiss Army knife. ‘I have an antivirus, isn’t that enough?’ or even ‘I have a SIEM, why would I also need a firewall?’. All these solutions are essential components meant to help us resist hacking perils. Together, they form an impenetrable armor. But remove one part and it won’t take long before the black hats find your weakness.
WHEN ALL IS SAID AND DONE
What is left to be done?
Go beyond vague terms. Take advantage of the recent major changes that will become effective in May 2018 and reevaluate what state-of-the-art cybersecurity means for you. We are of course talking here about the new rules introduced by the European Union within the General Data Protection Regulation (otherwise known as the GDPR). The latter guarantees citizens that their personal data will be processed according to required standards and that, in the case of a notable incident, they will be notified within the following 72 hours.
Those who have read the actual law will, without a doubt, have noticed one thing: the Member States of the European Union have avoided specifying precise means of implementing these obligations. This is quite understandable, since the regulation is deliberately conceived to withstand the changes of time. However, its passages can always be interpreted in light of the technological advances of the present.
As such, it is imperative to prepare for the imminent implementation of these regulations. Obligations imposed on companies have increased considerably, as have penalties. It is therefore urgent to plan inventories and audit the way businesses are processing data, in addition to supplementing security with its missing elements. All this will surely have to be followed by the establishment of conduct rules and policies, as well as more training programs. The end goal? Move on from cybersecurity awareness to an informed action-taking attitude.
This is not limited to EU member states: business leaders from countries around the world need to implement and lead a strong cybersecurity direction within their organizations.
One approach that can help is to combine statistical analysis, used to identify anomalies within large volumes of data and to test specific assumptions, with machine learning methods that model the behaviors of the analyzed entities. These two approaches allow Reveelium’s behavioral analysis engine to detect weak signals (i.e. hidden patterns in a data stream).
Reveelium also integrates contextual information originating from different Threat Intelligence sources to discover which puzzle pieces correspond to an actual cyber attack and integrates feedback from the end user in order to improve its prediction capability and decrease its false positive rate.
Cristina Ion (@_cristinaion_ or @Reveelium_AI) is the Community Manager of Reveelium Inc., a subsidiary of the French cybersecurity provider ITrust that specialises in behaviour analytics and machine learning applied to the field of cybersecurity. Connect with Cristina: https://www.linkedin.com/in/cristinaion/en or by email firstname.lastname@example.org