Hear no evil, see no evil


But what I see in this digital era seems to be little more than this, on a consistent basis. They say that in the UK over 60% of SMEs do not consider ransomware a concern, yet in the event of an attack only 25% feel ready to handle it.

So what is going on? Most firms appear focused on securing network perimeters rather than safeguarding data spread across systems, devices, and the cloud. With technology such as big data analytics, the IoT, blockchain, and mobile computing reinventing the way companies handle everything from decision making to customer service, we need to refocus fast.

A huge “threatscape” is appearing

Across the enterprise (ERP II and perhaps III) we’re automating virtually all business processes, and the rapidly increasing digital connectivity of the entire value chain creates agility but also brings about a growing “threatscape” for us to monitor.

The key to addressing those risks and threats is building security into applications, as well as into interconnected devices, right from the start. We call it “Security by Design.”

Running IT systems in the cloud supports organizational flexibility and companies are increasingly moving both data and business functions between the cloud and on-premise systems.

Security by design

But as companies embark on these journeys of business and digital transformation, they must make cybersecurity a top priority. As someone said to me the other day, when you switch the light on in your office, you’re not asked to enter a name and password, because security is built into the design of the building and its infrastructure. This has to be the way to go with our systems. Both the value and the volume of data have never been higher, and the end points are more vulnerable than ever. More so with IoT, which is still in its infancy. You can tell with a name like that! I’m sure in only a few months we’ll start having segmentation into the Internet of X / Y / Z. As IoT is extended to everything from industrial equipment to consumer devices, attacks are growing not just in number but also in sophistication. Next-generation devices are now deployed in potentially vulnerable environments such as vehicles, hospitals, and energy plants, vastly increasing the risks to human welfare. Concerns about such devices being hacked, turned into botnets, and used to attack targeted computers and organizations are growing as well. After all, who’s building security into the devices? Is there any room left in them for security? Where will it go?

80/20

With the risks increasing we need to take a more proactive approach to securing our data. Dealing with what went wrong after the breach won’t save data, lives or a CISO’s career.

With generally 80% of mission-critical processes sitting within ERP II applications, a good starting point has to be within the applications and the associated data. Cybersecurity professionals are accustomed to securing access to their networks and applications. But digital transformation leads to an explosion of connected environments where perimeter protection is no longer enough. Attackers and other malicious individuals will continue to compromise weak links, resulting in deep access to companies’ networks, systems, and data.

In a digital world, the classic, contained enterprise network no longer exists. For that reason, security must be embedded into all applications as the first line of defense.

So-called “self-defending apps” are another example of proactive security. This active-protection technique gives applications advanced access-control capabilities, allowing them to react to malicious source-code modifications and debugging at runtime. And according to SAP, encrypting all data, both at rest and in flight, is another core tenet of pre-emptive cybersecurity.

While it’s nothing new, among the most important factors we need to adopt are two-factor authentication (which verifies a user’s identity via two different methods) and role-based access controls (which limit the user’s access to data by job role).

There should be just one world!

All too often one team sits protecting access and firewalls across the perimeter and networks, while separately the application team sits hardening and securing the enterprise applications. Going forward, with the focus shifting from traditional network-perimeter security to securing application data, those two worlds need to join forces to prevent issues from falling through the cracks.

The cybersecurity issues raised by digital transformation are driving the need for a better understanding between the organization’s cybersecurity professionals and those who provide application security.

Digital and business transformation makes it essential that the cybersecurity and IT teams find a common understanding, a shared terminology, and a unified approach to securing applications and data. After all, systems are being opened in ways that they weren’t before, and there is more direct connectivity with suppliers, partners, customers, and consumers. There are tighter connections between a company’s web presence and back-end systems, meaning the seamless process flows allow more things to go wrong.

When it comes to digitally transforming a company’s business, cybersecurity must be part of the conversation from the very start.

Haig&Co