Latest News  

Cybersecurity the sharp (s)word of today

Technology moves the outsourcing services industry - as it does all service industries - towards new horizons, not all of them known. Companies are willing to outsource more, as they are challenged by an increasing need for transparency and fast response to market needs, and the desire for more value at lower costs.

2017-06-15 21:11:55

It's now the moment of younger and smaller technology companies hoping to disrupt incumbent businesses with better service, more innovative products, lower prices, and the ability to respond flexibly to changing customer habits and preferences.

The global technology helps but it comes at a price Increasingly, data security becomes top priority for companies. In light of the most recent technological developments and cybernetic threats, development of new technologies has raised the level of security concerns, while IoT prevalence further intensifies the risks. Thus, 2017 is expected to observe the emergence of Security as a Service, offered by specialized security BPO service providers. Enterprises and outsourcing agencies will strive to protect their data, regardless of its size and location. According to a study conducted by PwC and focusing on cybersecurity and privacy matters, "many organizations are pursuing emerging technologies to develop new products, services, or ways of doing business. However, companies don't always consider the emerging cybersecurity threats that could impact these systems after they're implemented. PwC can help you design transformation strategies with security in mind from the very start, with the foresight to help you see what's on the other side of the leading edge.

Because you don't WannaCry anymore

Among the most recent strike of hackers, the ransomware attack known as WannaCry first struck on Friday, May 12, 2017 and as stated also in the PwC study, "by the following Monday, it had reached more than 200,000 computers in 150 countries. Although we still don't know all the details, it's clear that some organizations were victimized far more severely than others. The news of this episode reinforces a view that we at PwC have promoted for a long time: Effective protection against cyber-attacks has less to do with any particular technological factor, and everything to do with proactive risk management in general." The PwC experts added: "We expect there will be more attacks because the techniques and exploits used to distribute WannaCry were only recently leaked to the world in April 2017 (allegedly from the National Security Agency by an anonymous group called Shadow Brokers). Similar documents (allegedly originally from the Central Intelligence Agency) were published by WikiLeaks in March 2017, and there will probably be more such leaks, not just in the U.S. and Europe, but in countries around the world. Every breach will empower independent parties with tools heretofore held by governments. Ransom, blackmail, surveillance, shutdown, and data manipulation are all more feasible than they were only a few months ago. Lessons learned There are lessons to be learned every time whenever something of these proportions happens.

First, according to specialists of PwC, the need arises for a robust digital hygiene within organizations and individual use. Also, as human errors are many times the trigger of these happenings, the ability to detect intrusive behaviour would also help. "Human error is still the most prevalent means of gaining access to proprietary information. Employees often unwittingly expose data to a cyber-threat actor through a fraudulent email or other socially engineered techniques, thereby giving hackers access to passcodes or other means of entry. Organizations with effective risk management practices rarely release sensitive information to outsiders inadvertently. They are particularly protective of administrative accounts and other privileged information; they make it extremely difficult to obtain the kind of data that would allow someone to take over a system. They are also attuned to detection, learning to recognize the keystroke behaviour common to intruders and isolate it in real time. The one thing they share openly is the data about the intruders they detect; collaboration among security professionals from a wide range of organizations is one of the best defences against cybercrime activity," according to PwC. The study also advises on building a thoughtful design of IT infrastructure and early adoption of cloud technology.

Also, at Outsourcing Today's latest Outsourcing Summit, Mihaela Apostoleanu, Senior Director, Oracle EMEA Business Operations, said that: "Right now, the security challenge is the focus in the software area. The weakness comes from companies. With the volumes of data and people involved at so many levels, the security data is foremost. We need to educate people how to use technologies and social media concerning security data, informing and developing protocols for permits to use the image of companies and information. This will happen alongside the using of security tools in order to identify the breaches and prevent." With the fast emergence of new technologies and automation, a general feeling among employees is that they fear losing control in this newly-changed work environment. Olivier Hecq, Head of SSC IT, Societe Generale European Business Services stated that "There is no such thing as zero risk in the new cyber world but the security issues should be in focus all the time." The opinion is shared by Liviu Lazarescu, IT Delivery Head for Romania Operations, Wipro Technologies: "More should be done in the awareness part of security. Each company has its own way of dealing with security, according to its needs. We need to address real-life scenario implementation for the benefit of finding the best security solutions." The young generation changes the entire work environment, by bringing new customs, habits and work patterns. For instance, as underlined by Mihaela Dobre, Learning & Development Manager EMEA, Stefanini, the young generation is very keen on work flexibility, which also implies working from home. "And working for home is a sensitive option, at many levels, including the security matter. "

Representing CIMA - Chartered Institute of Management Accountants, Daniel Idzkowski, Associate Director – Global Corporate Relations underlined the need to better address the real digital threats: "We need to address cybersecurity, designing and implementing Cybersecurity frameworks, cyber maturity assessments; organisational design for cybersecurity; Cloud security; design and rollout of cybersecurity processes such as Incident Management, Intrusion Detection, and Security Monitoring. Also, concepts such as vulnerability assessment, application and network penetration testing, wireless security, mobile security, and system security testing should be implemented and put on the first-page of companies' agendas." Money hurts According to a report issued by Accenture - "Building Confidence: Solving Banking's Cybersecurity" - many senior bank executives are confident about their cybersecurity strategy, yet a lack of comprehensive, practical testing is leaving gaps in their defence.
The report was based on a global survey of 275 senior security executives across the banking and capital markets sectors. It found that 78 per cent of executives surveyed expressed confidence in their overall cybersecurity strategy, with more than half the respondents indicating high levels of comfort in their ability to identify the cause of a breach, measure the impact of a breach and manage the financial risk due to a cybersecurity event (cited 51 per cent, 51 per cent and 50 per cent, respectively). However, the analysis also points to ongoing security challenges for banks. For example, in addition to the many phishing, malware and penetration attacks that banks around the world receive each day on average, respondents reported that their banks had experienced 85 serious attempted cyber breaches each year. Of these, about one third (36 per cent) were successful, meaning at least some information was obtained through the breach. In these instances, it took 59 per cent of banks several months to detect breaches that occurred.

Additionally, nearly half (48 per cent) of respondents cited internal breaches as having the greatest cybersecurity impact and 52 per cent indicated a lack of confidence in their organization's ability to detect a breach through internal monitoring. "Bank executives are clearly confident when it comes to their cybersecurity capabilities, but there is still much work to be done," said Chris Thompson, senior managing director and head of financial services cybersecurity and resilience, Accenture Security. "Most cybersecurity assessment programs, while well-intentioned, are highly theoretical and based on known cyberattack practices. The reality, however, is very different. Fast-moving, dynamic threats are creating new challenges every day. Banks should focus on deploying practical testing scenarios that focus inside the perimeter to ultimately make the crooks' job as difficult as possible." While banks' security teams detected a high number of each company's breaches, virtually all (99 per cent) of respondents said they learned about the remainder of the breaches from their own employees, pointing to the critical importance of establishing strong awareness, strengthening internal training programs and establishing effective internal escalation processes.

According to the report, developing and implementing the right governance model to drive a holistic approach to cybersecurity is critically important in strengthening a firm's external and internal defence capabilities. Developing effective capabilities should be driven by a two-pronged strategy: focused cybersecurity assessments on one hand and comprehensive testing on the other. Banks expect cybersecurity skills shortage The research also points to several areas where respondents foresee a significant skills shortage, including end-point / network security, incident response and vulnerability management (cited by 61 per cent, 53 per cent and 53 per cent, respectively). Thompson added: "Banks have traditionally prioritized their cybersecurity investment around building higher, more secure walls.

But this has often been to the detriment of their internal capabilities. While defending the perimeter is crucial, it's often the people inside the walls that present the biggest risk, but also the biggest weapon in the fight for resiliency." Half of Romanians fear that someone could control their smart devices In the wide and dissimilar world of individual consumers, according to Bitdefender, one of the leading digital security solutions in Romania and worldwide, around 46 per cent of Romanian users are concerned that a potential attacker could take over or control the smart devices they use every day, which exposes them to identity theft, espionage and invasion of privacy. According to the survey conducted by iSense Solutions and ordered by Bitdefender, findings showed that Romanians keep up with the latest in technology and buy different gadgets of the latest generation; 70 per cent of them already own a smartphone, laptop, tablet, smart TV or computer desktops, but almost a quarter of the townspeople hold also gadgets of next generation such as smart watches (24 per cent), surveillance cameras on their dwelling, or child connected to the internet (21 per cent), e-readers (20 per cent), game consoles (15 per cent) or fitness bracelets (14 per cent).

Within this landscape, 43 per cent of survey participants said that they are afraid of outside intruders which could steal their private information stored on the smart devices - photos, videos, programs and personal documents - and a quarter are concerned that a stranger could turn on the web camera or the microphone of different devices and record everything that happens in privacy. According to experts in cyber security at Bitdefender, these vulnerabilities allow attackers to easily compromise the home-based Internet network, relying on the fact that many users are not aware of the dangers they face being surrounded by smart devices connected to Internet. Most of the problems identified are common and already known, the experts say, some for more than four years. This shows that the devices' producers are not interested in running complex security algorithms nor in constantly varying the software updates, even though some gadgets have long lasting service lives.

Typically, the access credentials are very weak, so that attempts to break the passwords are successful in an average of one out of four cases. The study also shows that Romanian users are not keen in updating their operations systems installed on different devices, even if they use some of them frequently, such as smartphones or computers. Hence, 20 per cent of laptop users and half of smart TV owners haven't operated an update to their software to the most recent version, blaming the lack of time or technical knowledge. "In the absence of such updates, the Romanian users should be aware of the fact that access to personal data can be easily achieved," said Bogdan Botezatu, cyber security specialist at Bitdefender. He added that smart devices collect enormous data volumes, from location, habits, lifestyle and behaviour, to passions, beliefs, health status or political views and considering that an intruder could have access to all these data, the worries voiced by users are valid.

Bad habits die hard

More than half of Romanians use the same passwords for all accounts and devices while 29 per cent use several passwords changed at certain period of times. The specialists in cyber security warn of the risk of using the same password, mostly formed only by letters and recommend replacing them with combinations of letters, numbers and symbols, as well as changing them on regular basis. According to data, the number of devices connected to Internet beat the milestone of six billion units registered at the end of 2016 and the estimations show that the industry will continue to develop in this direction at a fast pace. The iSense Solutions study has been developed following a survey conducted in Romania, US, UK, Germany, France, and Australia at the end of 2016 and questioned over 2,000 respondents, with a trust level of 95 per cent and error margin of five per cent.

Also in 2016, about one third of Romanian Internet users (31 per cent) provided online personal data, half the registered average at the level of the European Union (UE), which stands at 71 per cent, as revealed in the results of a study developed by Perceptum research company. According to them, last year, only 15 per cent of Romanians who surfed online refused to provide personal data to be used for advertising purposes, as compared to an 80 per cent European average. The same percentage of Romanian Internet users limited access to their personal profile or their own content placed on social networks, as compared to a 40 per cent average of the EU. Only four in ten Romanians (38 per cent) are aware of the existence of these files and the data they offer: valuable feedback on user preferences in terms of shopping, information sources, vacations and more.

According to the cited source, at 2016 levels, nearly 24 per cent of Romanian Internet users have read the privacy policies of sites (37 per cent the EU average), and 70 per cent of those who surfed online have done so from mobile phones or smartphones and 26 per cent from tablets. The data used in the specialized research were issued by the European Statistics Office (Eurostat) during December 2016 - February 2017. Sensitive industries require even more protection and this is more visible in the case of industries that also act as strategic sectors, such as energy.

No wonder that lately, more and more partnerships and memorandums of understandings have been signed between large organizations and IT solutions providers. In April this year, Atos and Siemens announced they had entered into a Memorandum of Understanding (MOU) and will leverage their portfolios to help customers establish an integrated first line of defence against cyber-attacks. Siemens and Atos work together in the area of cybersecurity for industrial companies, providing customers in the manufacturing and processing industries with comprehensive security services and products, the companies said in a press release. The Atos and Siemens partnership in the US is part of a global agreement around cybersecurity including common go-to-market and shared research and development efforts to target Information Technology (IT) and Operational Technology (OT) security for any market.

As utilities increasingly use software to become more efficient and reliable, there is a corresponding need to boost cyber defences – going beyond compliance regulations to secure operations. In oil and gas, digitalization brings a convergence of IT and OT connectivity that enables data to travel from the field, to the control room to the enterprise network – underscoring the need for a unique set of solutions to address the crossover between IT and OT.

A recent study from the independent Ponemon Institute shows that nearly 70 per cent of US oil and gas cyber managers said their operations have had at least one security compromise in the past year, resulting in the loss of confidential information or OT disruption – highlighting the need for the oil and gas industry to increase its cyber defences. "We are pleased to have the opportunity to expand the Siemens and Atos relationship as US utilities, oil and gas industries are realizing the extent of cybersecurity challenges when moving into a digitized and connected ecosystem," said Michel Alain Proch, Group Senior Executive V.P. and CEO North America, Atos. "With our combined end-to-end suite of solutions and innovative approaches to security analytics and better detection and response capabilities, customers will see tangible advantages in cost and risk reductions, as well as enhanced performance and flexibility gains.As the energy industry benefits from digital technologies and solutions, there is a need to guard against growing cyber threats. This new cooperation is part of our broad effort to deliver cybersecurity solutions to America's energy sector. By bridging operational technology and information technology capabilities, we can strengthen our customers' defences against costly and disruptive attacks," said Judy Marks, CEO Siemens USA and Executive Vice President of New Equipment Solutions for Dresser-Rand.


0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
 
Your email address will not be published.
Nickname
Email
Comment
Validation Code
   
 
 
NEWS
Michael Ringman, TELUS International: Going omnichannel, from challenges, misconceptions to readiness and benefits

In a recent interview, Outsourcing Today asked Michael Ringman, Chief Information Officer, TELUS International about the latest resolutions and

 Read Full article »
DB Global Technology launches DB Tech School and trains a new generation of Romanian software specialists

DB Global Technology, Deutsche Bank's technology center in Bucharest, launches DB Tech School, a training program for software specialists who are at the beginning of their careers and are interested in the Jav

 Read Full article »
Atos wins major contract with Safran in the transformation of IT infrastructure

Atos, a global leader in digital transformation, has been selected by Safran, leader in the aeronautics and aerospace sectors, as its partner to optimize datacenters worldwide. The four-year contract runs till

 Read Full article »
Amazon close to sign lease contract for 10.000 sqm office space within Globalworth Campus

At the beginning of this year, the US giant retailer Amazon was said to rent around 10.000 sqm office spaces in Bucharest, where they might hire some 1.000 professionals, according to sources close to company q

 Read Full article »
Levi9 relocates office to Business Center Iasi

IT company Levi9 will open its new Iasi office at Iasi, Soseaua Nationala 31. The new office will be a modern, open and attractive working environment for the 150 employees and facilitate the expected growth to

 Read Full article »
IBM to open its fourth business services center in Romania

US-based IT giant IBM announced it would open a new business center in Cluj-Napoca this July, the fourth center operated by the It company in Romania, after Bucharest, Brasov and Timisoara.

 Read Full article »
SAP ranked first among Europe's most valuable brands in 2017

SAP, leading company in digital transformation, ranked 1st among Europe's most valuable brands, according to the 2017's edition of BrandZ Top 100 Most Valuable Global Brands, with a brand value of 45.194 billio

 Read Full article »
Nokia invests 73 million Euro in expanding its campus in Timisoara

Finland-based company Nokia said it will be expanding its campus in western city of Timisoara with the biggest research and development (R&D) center in the Romanian telecom industry and the total investment exc

 Read Full article »
Romania's Fribourg Capital launches 20 million Euro investment fund for startups

Romanian investment firm Fribourg Capital said it has launched Fribourg Digital, a 20 million Euro investment fund which targets startups in the IT sector, according to a company statement quoted by seenews.

 Read Full article »
Avangate plans to hire 45 IT specialists for its office in Romania

Avangate, the global eCommerce and subscription billing platform for software, SaaS, and digital solutions, with Romanian roots, which recently acquired the 2Checkout global payment processor, will hire 45 IT s

 Read Full article »
 
MOST RECENT VIDEO
 
 
MOST READ ARTICLES
» ROMANIAN OUTSOURCING AWARDS FOR EXCELL...
» Grégoire Vigroux appointed the new Vi...
» Romanian Outsourcing Awards for Excell...
» Romanian Outsourcing Awards for Excell...
» SocGen's EBS division to grow 60%, exp...
» Bombardier: from Bucharest subway to t...
» Ericsson and Skanska trial IoT for Sma...
» OT Learning & Development Roundable ta...
» Molson Coors started to grow its busin...
» AFI Europe Romania and Dedeman sign ag...
 
EDITOR CHOICE
TELUS International Europe: Issue 3 - Customers First magazine! Strategy and innovation in travel and hospitality

The third issue of our Customers First magazine is now available! The latest edition is all about travel and hospitality, featuring insights from industry experts and top brands like JetBlue, Turo, Joie de Vivr

 Read Full article »
The future is now - Review of Romanian Outsourcing Summit, 2017

Romania delivers services in 25 languages with more than 100,000 specialists employed in the outsourcing industry and business services, and based on an estimated growth of 15-20 per cent, it is estimated to re

 Read Full article »
Genpact's COO: Staying ahead of the curve

Shibu Nambiar has over 18 years of experience in the services industry, covering roles in operations, project management, service delivery, product development, domain management and training.

 Read Full article »
Reshaping the industry mindset

The business shared services industry in Romania is living a fantastic youth, but may be heading towards a maturity that may come sooner than expected, thanks to disruptive emerging technologies and the urgent

 Read Full article »
OT Learning & Development Roundable takes place on June 15th

On June 15th, Outsourcing Today organizes OT Learning & Development roundtable. The event brings together the business services professionals to discuss and discover new tools and programs designed to assist bu

 Read Full article »
Latest News  
 
about us | newsletter | contact | members area
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events