Latest News  

Cybersecurity the sharp (s)word of today

Technology moves the outsourcing services industry - as it does all service industries - towards new horizons, not all of them known. Companies are willing to outsource more, as they are challenged by an increasing need for transparency and fast response to market needs, and the desire for more value at lower costs.

2017-06-15 21:11:55

It's now the moment of younger and smaller technology companies hoping to disrupt incumbent businesses with better service, more innovative products, lower prices, and the ability to respond flexibly to changing customer habits and preferences.

The global technology helps but it comes at a price Increasingly, data security becomes top priority for companies. In light of the most recent technological developments and cybernetic threats, development of new technologies has raised the level of security concerns, while IoT prevalence further intensifies the risks. Thus, 2017 is expected to observe the emergence of Security as a Service, offered by specialized security BPO service providers. Enterprises and outsourcing agencies will strive to protect their data, regardless of its size and location. According to a study conducted by PwC and focusing on cybersecurity and privacy matters, "many organizations are pursuing emerging technologies to develop new products, services, or ways of doing business. However, companies don't always consider the emerging cybersecurity threats that could impact these systems after they're implemented. PwC can help you design transformation strategies with security in mind from the very start, with the foresight to help you see what's on the other side of the leading edge.

Because you don't WannaCry anymore

Among the most recent strike of hackers, the ransomware attack known as WannaCry first struck on Friday, May 12, 2017 and as stated also in the PwC study, "by the following Monday, it had reached more than 200,000 computers in 150 countries. Although we still don't know all the details, it's clear that some organizations were victimized far more severely than others. The news of this episode reinforces a view that we at PwC have promoted for a long time: Effective protection against cyber-attacks has less to do with any particular technological factor, and everything to do with proactive risk management in general." The PwC experts added: "We expect there will be more attacks because the techniques and exploits used to distribute WannaCry were only recently leaked to the world in April 2017 (allegedly from the National Security Agency by an anonymous group called Shadow Brokers). Similar documents (allegedly originally from the Central Intelligence Agency) were published by WikiLeaks in March 2017, and there will probably be more such leaks, not just in the U.S. and Europe, but in countries around the world. Every breach will empower independent parties with tools heretofore held by governments. Ransom, blackmail, surveillance, shutdown, and data manipulation are all more feasible than they were only a few months ago. Lessons learned There are lessons to be learned every time whenever something of these proportions happens.

First, according to specialists of PwC, the need arises for a robust digital hygiene within organizations and individual use. Also, as human errors are many times the trigger of these happenings, the ability to detect intrusive behaviour would also help. "Human error is still the most prevalent means of gaining access to proprietary information. Employees often unwittingly expose data to a cyber-threat actor through a fraudulent email or other socially engineered techniques, thereby giving hackers access to passcodes or other means of entry. Organizations with effective risk management practices rarely release sensitive information to outsiders inadvertently. They are particularly protective of administrative accounts and other privileged information; they make it extremely difficult to obtain the kind of data that would allow someone to take over a system. They are also attuned to detection, learning to recognize the keystroke behaviour common to intruders and isolate it in real time. The one thing they share openly is the data about the intruders they detect; collaboration among security professionals from a wide range of organizations is one of the best defences against cybercrime activity," according to PwC. The study also advises on building a thoughtful design of IT infrastructure and early adoption of cloud technology.

Also, at Outsourcing Today's latest Outsourcing Summit, Mihaela Apostoleanu, Senior Director, Oracle EMEA Business Operations, said that: "Right now, the security challenge is the focus in the software area. The weakness comes from companies. With the volumes of data and people involved at so many levels, the security data is foremost. We need to educate people how to use technologies and social media concerning security data, informing and developing protocols for permits to use the image of companies and information. This will happen alongside the using of security tools in order to identify the breaches and prevent." With the fast emergence of new technologies and automation, a general feeling among employees is that they fear losing control in this newly-changed work environment. Olivier Hecq, Head of SSC IT, Societe Generale European Business Services stated that "There is no such thing as zero risk in the new cyber world but the security issues should be in focus all the time." The opinion is shared by Liviu Lazarescu, IT Delivery Head for Romania Operations, Wipro Technologies: "More should be done in the awareness part of security. Each company has its own way of dealing with security, according to its needs. We need to address real-life scenario implementation for the benefit of finding the best security solutions." The young generation changes the entire work environment, by bringing new customs, habits and work patterns. For instance, as underlined by Mihaela Dobre, Learning & Development Manager EMEA, Stefanini, the young generation is very keen on work flexibility, which also implies working from home. "And working for home is a sensitive option, at many levels, including the security matter. "

Representing CIMA - Chartered Institute of Management Accountants, Daniel Idzkowski, Associate Director – Global Corporate Relations underlined the need to better address the real digital threats: "We need to address cybersecurity, designing and implementing Cybersecurity frameworks, cyber maturity assessments; organisational design for cybersecurity; Cloud security; design and rollout of cybersecurity processes such as Incident Management, Intrusion Detection, and Security Monitoring. Also, concepts such as vulnerability assessment, application and network penetration testing, wireless security, mobile security, and system security testing should be implemented and put on the first-page of companies' agendas." Money hurts According to a report issued by Accenture - "Building Confidence: Solving Banking's Cybersecurity" - many senior bank executives are confident about their cybersecurity strategy, yet a lack of comprehensive, practical testing is leaving gaps in their defence.
The report was based on a global survey of 275 senior security executives across the banking and capital markets sectors. It found that 78 per cent of executives surveyed expressed confidence in their overall cybersecurity strategy, with more than half the respondents indicating high levels of comfort in their ability to identify the cause of a breach, measure the impact of a breach and manage the financial risk due to a cybersecurity event (cited 51 per cent, 51 per cent and 50 per cent, respectively). However, the analysis also points to ongoing security challenges for banks. For example, in addition to the many phishing, malware and penetration attacks that banks around the world receive each day on average, respondents reported that their banks had experienced 85 serious attempted cyber breaches each year. Of these, about one third (36 per cent) were successful, meaning at least some information was obtained through the breach. In these instances, it took 59 per cent of banks several months to detect breaches that occurred.

Additionally, nearly half (48 per cent) of respondents cited internal breaches as having the greatest cybersecurity impact and 52 per cent indicated a lack of confidence in their organization's ability to detect a breach through internal monitoring. "Bank executives are clearly confident when it comes to their cybersecurity capabilities, but there is still much work to be done," said Chris Thompson, senior managing director and head of financial services cybersecurity and resilience, Accenture Security. "Most cybersecurity assessment programs, while well-intentioned, are highly theoretical and based on known cyberattack practices. The reality, however, is very different. Fast-moving, dynamic threats are creating new challenges every day. Banks should focus on deploying practical testing scenarios that focus inside the perimeter to ultimately make the crooks' job as difficult as possible." While banks' security teams detected a high number of each company's breaches, virtually all (99 per cent) of respondents said they learned about the remainder of the breaches from their own employees, pointing to the critical importance of establishing strong awareness, strengthening internal training programs and establishing effective internal escalation processes.

According to the report, developing and implementing the right governance model to drive a holistic approach to cybersecurity is critically important in strengthening a firm's external and internal defence capabilities. Developing effective capabilities should be driven by a two-pronged strategy: focused cybersecurity assessments on one hand and comprehensive testing on the other. Banks expect cybersecurity skills shortage The research also points to several areas where respondents foresee a significant skills shortage, including end-point / network security, incident response and vulnerability management (cited by 61 per cent, 53 per cent and 53 per cent, respectively). Thompson added: "Banks have traditionally prioritized their cybersecurity investment around building higher, more secure walls.

But this has often been to the detriment of their internal capabilities. While defending the perimeter is crucial, it's often the people inside the walls that present the biggest risk, but also the biggest weapon in the fight for resiliency." Half of Romanians fear that someone could control their smart devices In the wide and dissimilar world of individual consumers, according to Bitdefender, one of the leading digital security solutions in Romania and worldwide, around 46 per cent of Romanian users are concerned that a potential attacker could take over or control the smart devices they use every day, which exposes them to identity theft, espionage and invasion of privacy. According to the survey conducted by iSense Solutions and ordered by Bitdefender, findings showed that Romanians keep up with the latest in technology and buy different gadgets of the latest generation; 70 per cent of them already own a smartphone, laptop, tablet, smart TV or computer desktops, but almost a quarter of the townspeople hold also gadgets of next generation such as smart watches (24 per cent), surveillance cameras on their dwelling, or child connected to the internet (21 per cent), e-readers (20 per cent), game consoles (15 per cent) or fitness bracelets (14 per cent).

Within this landscape, 43 per cent of survey participants said that they are afraid of outside intruders which could steal their private information stored on the smart devices - photos, videos, programs and personal documents - and a quarter are concerned that a stranger could turn on the web camera or the microphone of different devices and record everything that happens in privacy. According to experts in cyber security at Bitdefender, these vulnerabilities allow attackers to easily compromise the home-based Internet network, relying on the fact that many users are not aware of the dangers they face being surrounded by smart devices connected to Internet. Most of the problems identified are common and already known, the experts say, some for more than four years. This shows that the devices' producers are not interested in running complex security algorithms nor in constantly varying the software updates, even though some gadgets have long lasting service lives.

Typically, the access credentials are very weak, so that attempts to break the passwords are successful in an average of one out of four cases. The study also shows that Romanian users are not keen in updating their operations systems installed on different devices, even if they use some of them frequently, such as smartphones or computers. Hence, 20 per cent of laptop users and half of smart TV owners haven't operated an update to their software to the most recent version, blaming the lack of time or technical knowledge. "In the absence of such updates, the Romanian users should be aware of the fact that access to personal data can be easily achieved," said Bogdan Botezatu, cyber security specialist at Bitdefender. He added that smart devices collect enormous data volumes, from location, habits, lifestyle and behaviour, to passions, beliefs, health status or political views and considering that an intruder could have access to all these data, the worries voiced by users are valid.

Bad habits die hard

More than half of Romanians use the same passwords for all accounts and devices while 29 per cent use several passwords changed at certain period of times. The specialists in cyber security warn of the risk of using the same password, mostly formed only by letters and recommend replacing them with combinations of letters, numbers and symbols, as well as changing them on regular basis. According to data, the number of devices connected to Internet beat the milestone of six billion units registered at the end of 2016 and the estimations show that the industry will continue to develop in this direction at a fast pace. The iSense Solutions study has been developed following a survey conducted in Romania, US, UK, Germany, France, and Australia at the end of 2016 and questioned over 2,000 respondents, with a trust level of 95 per cent and error margin of five per cent.

Also in 2016, about one third of Romanian Internet users (31 per cent) provided online personal data, half the registered average at the level of the European Union (UE), which stands at 71 per cent, as revealed in the results of a study developed by Perceptum research company. According to them, last year, only 15 per cent of Romanians who surfed online refused to provide personal data to be used for advertising purposes, as compared to an 80 per cent European average. The same percentage of Romanian Internet users limited access to their personal profile or their own content placed on social networks, as compared to a 40 per cent average of the EU. Only four in ten Romanians (38 per cent) are aware of the existence of these files and the data they offer: valuable feedback on user preferences in terms of shopping, information sources, vacations and more.

According to the cited source, at 2016 levels, nearly 24 per cent of Romanian Internet users have read the privacy policies of sites (37 per cent the EU average), and 70 per cent of those who surfed online have done so from mobile phones or smartphones and 26 per cent from tablets. The data used in the specialized research were issued by the European Statistics Office (Eurostat) during December 2016 - February 2017. Sensitive industries require even more protection and this is more visible in the case of industries that also act as strategic sectors, such as energy.

No wonder that lately, more and more partnerships and memorandums of understandings have been signed between large organizations and IT solutions providers. In April this year, Atos and Siemens announced they had entered into a Memorandum of Understanding (MOU) and will leverage their portfolios to help customers establish an integrated first line of defence against cyber-attacks. Siemens and Atos work together in the area of cybersecurity for industrial companies, providing customers in the manufacturing and processing industries with comprehensive security services and products, the companies said in a press release. The Atos and Siemens partnership in the US is part of a global agreement around cybersecurity including common go-to-market and shared research and development efforts to target Information Technology (IT) and Operational Technology (OT) security for any market.

As utilities increasingly use software to become more efficient and reliable, there is a corresponding need to boost cyber defences – going beyond compliance regulations to secure operations. In oil and gas, digitalization brings a convergence of IT and OT connectivity that enables data to travel from the field, to the control room to the enterprise network – underscoring the need for a unique set of solutions to address the crossover between IT and OT.

A recent study from the independent Ponemon Institute shows that nearly 70 per cent of US oil and gas cyber managers said their operations have had at least one security compromise in the past year, resulting in the loss of confidential information or OT disruption – highlighting the need for the oil and gas industry to increase its cyber defences. "We are pleased to have the opportunity to expand the Siemens and Atos relationship as US utilities, oil and gas industries are realizing the extent of cybersecurity challenges when moving into a digitized and connected ecosystem," said Michel Alain Proch, Group Senior Executive V.P. and CEO North America, Atos. "With our combined end-to-end suite of solutions and innovative approaches to security analytics and better detection and response capabilities, customers will see tangible advantages in cost and risk reductions, as well as enhanced performance and flexibility gains.As the energy industry benefits from digital technologies and solutions, there is a need to guard against growing cyber threats. This new cooperation is part of our broad effort to deliver cybersecurity solutions to America's energy sector. By bridging operational technology and information technology capabilities, we can strengthen our customers' defences against costly and disruptive attacks," said Judy Marks, CEO Siemens USA and Executive Vice President of New Equipment Solutions for Dresser-Rand.

0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
Your email address will not be published.
Validation Code
Colliers International, designated to obtain WELL certification for Skanska's Campus 6 buildings

Pioneering in the field, Skanska is the first developer to introduce in Romania the WELL Building standard for the newest company's project developed in Bucharest, Campus 6 and its 2 and 3 office buildings, bei

 Read Full article »
Atos signs cybersecurity industry partnership with NATO

Atos, global leader in digital transformation and the NATO (North Atlantic Treaty Organization) Communications and Information Agency today sign an industry agreement to commit to a rigorous and continuous exch

 Read Full article »
Co-working segment: CBRE advises Spaces in the opening of its biggest center in Romania

CBRE, the world and local market leader in real estate consultancy, advised on the leasing transaction of 4,100 sqm office space for the largest center to be opened by Spaces in Romania.

 Read Full article »
Francesca Postolache, Partner PwC joins People in Shared Services & Outsourcing Forum on October 18, at Bucharest

Francesca Postolache, Partner PwC, joins us next Thursday to take forward major subjects such as Digital Transformation and Next-Generation Talent Development.

 Read Full article »
Telekom Romania opens in Brăila its sixth BPO center

Telekom Romania announces the opening in Braila of BPO (Business Process Outsourcing) centre dedicated to companies that need such services and which prefer to rely on a professional and experienced provider

 Read Full article »
Delphi Technologies inaugurates global IT center in Bucharest

Delphi Technologies, a leading provider of advanced propulsion solutions to automotive manufacturers has opened its first multidisciplinary global IT center in Bucharest. This new site will provide information

 Read Full article »
London Stock Exchange Group appoints Andreea Stanescu as General Manager for Romania

London Stock Exchange Group (LSEG) announced that Andreea Stanescu has been appointed General Manager, Romania. Andreea will be reporting to Dee Liyanwela, Head of Business Services Ltd (BSL) Sri Lanka and Roma

 Read Full article »
Google to offer free courses for young programmers and business incubators

Google announced the launch of the "Digital Workshop for Programmers", aimed at offering free courses to students who want to learn to program and young people who want to become technology entrepreneurs. These

 Read Full article »
ANIS scholarships gathered 35 innovative projects since launch

Employers' Association of the Software and Services Industry (ANIS) announced it registered 35 innovative projects within the first edition of its program called "ANIS' Scholarships".

 Read Full article »
Matthieu Pasquier is the new CEO of Societe Generale European Business Services

The Board of Societe Generale named Matthieu Pasquier as the new CEO of Societe Generale European Business Services, effective July 16, the company announced.

 Read Full article »
» Andrei Romanescu, Managing Director of...
» Delphi Technologies inaugurates global...
» Genpact's COO: Staying ahead of the cu...
» French energy operator Total opened su...
» Ready for People in Shared Services & ...
» Grégoire Vigroux appointed the new Vi...
» Francesca Postolache, Partner PwC join...
» Synergy of skills
» Oracle reaches 4,200 employees and pla...
People in Shared Services and Outsourcing Forum, 2018: What kind of future, tomorrow will bring?

We have just concluded the fourth edition of our annual event People in Shared Services and Outsourcing Forum, the get-together of the Who's Who in the industry of business shared services in Romania.

 Read Full article »
Olga Botusan, Stefanini, keynote speaker at People in Shared Services & Outsourcing Forum on October 18, at Bucharest

This Thursday, at People in Shared Services & Outsourcing Forum 2018, Olga Botusan EMEA HR Director at Stefanini joins us to talk about Digital Transformation and Next-Generation Talent Development.

 Read Full article »
Colin Lovering to moderate the talks of People in Shared Services & Outsourcing Forum on October 18, at Bucharest

The moderator of the 4th edition of the annual event dedicated to the human resources in shared services & outsourcing industry, COLIN C. LOVERING ISM, Chairman of BRCC and Senior VP, Avison Young Real Estate i

 Read Full article »
Andrei Mihai Crăciun joins the speakers of People in Shared Services & Outsourcing Forum on October 18, at Bucharest

Andrei Mihai Crăciun the Head of office for Innovation, Technological Transfer and Intellectual Property Office from West University of Timisoara will be joining us to discuss whether the private-state actors

 Read Full article »
Sergiu Negut, on the stage of People in Shared Services & Outsourcing Forum on October 18, at Bucharest

On October 18th, Sergiu Negut joins People in Shared Services and Outsourcing Forum to share with us his ideas of ways to support the industry's human capital necessities and create a more efficient cooperation

 Read Full article »
Latest News  
about us | newsletter | contact | members area | GDPR policy
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events