Latest News  

Cybersecurity the sharp (s)word of today

Technology moves the outsourcing services industry - as it does all service industries - towards new horizons, not all of them known. Companies are willing to outsource more, as they are challenged by an increasing need for transparency and fast response to market needs, and the desire for more value at lower costs.

2017-06-15 21:11:55

It's now the moment of younger and smaller technology companies hoping to disrupt incumbent businesses with better service, more innovative products, lower prices, and the ability to respond flexibly to changing customer habits and preferences.

The global technology helps but it comes at a price Increasingly, data security becomes top priority for companies. In light of the most recent technological developments and cybernetic threats, development of new technologies has raised the level of security concerns, while IoT prevalence further intensifies the risks. Thus, 2017 is expected to observe the emergence of Security as a Service, offered by specialized security BPO service providers. Enterprises and outsourcing agencies will strive to protect their data, regardless of its size and location. According to a study conducted by PwC and focusing on cybersecurity and privacy matters, "many organizations are pursuing emerging technologies to develop new products, services, or ways of doing business. However, companies don't always consider the emerging cybersecurity threats that could impact these systems after they're implemented. PwC can help you design transformation strategies with security in mind from the very start, with the foresight to help you see what's on the other side of the leading edge.

Because you don't WannaCry anymore

Among the most recent strike of hackers, the ransomware attack known as WannaCry first struck on Friday, May 12, 2017 and as stated also in the PwC study, "by the following Monday, it had reached more than 200,000 computers in 150 countries. Although we still don't know all the details, it's clear that some organizations were victimized far more severely than others. The news of this episode reinforces a view that we at PwC have promoted for a long time: Effective protection against cyber-attacks has less to do with any particular technological factor, and everything to do with proactive risk management in general." The PwC experts added: "We expect there will be more attacks because the techniques and exploits used to distribute WannaCry were only recently leaked to the world in April 2017 (allegedly from the National Security Agency by an anonymous group called Shadow Brokers). Similar documents (allegedly originally from the Central Intelligence Agency) were published by WikiLeaks in March 2017, and there will probably be more such leaks, not just in the U.S. and Europe, but in countries around the world. Every breach will empower independent parties with tools heretofore held by governments. Ransom, blackmail, surveillance, shutdown, and data manipulation are all more feasible than they were only a few months ago. Lessons learned There are lessons to be learned every time whenever something of these proportions happens.

First, according to specialists of PwC, the need arises for a robust digital hygiene within organizations and individual use. Also, as human errors are many times the trigger of these happenings, the ability to detect intrusive behaviour would also help. "Human error is still the most prevalent means of gaining access to proprietary information. Employees often unwittingly expose data to a cyber-threat actor through a fraudulent email or other socially engineered techniques, thereby giving hackers access to passcodes or other means of entry. Organizations with effective risk management practices rarely release sensitive information to outsiders inadvertently. They are particularly protective of administrative accounts and other privileged information; they make it extremely difficult to obtain the kind of data that would allow someone to take over a system. They are also attuned to detection, learning to recognize the keystroke behaviour common to intruders and isolate it in real time. The one thing they share openly is the data about the intruders they detect; collaboration among security professionals from a wide range of organizations is one of the best defences against cybercrime activity," according to PwC. The study also advises on building a thoughtful design of IT infrastructure and early adoption of cloud technology.

Also, at Outsourcing Today's latest Outsourcing Summit, Mihaela Apostoleanu, Senior Director, Oracle EMEA Business Operations, said that: "Right now, the security challenge is the focus in the software area. The weakness comes from companies. With the volumes of data and people involved at so many levels, the security data is foremost. We need to educate people how to use technologies and social media concerning security data, informing and developing protocols for permits to use the image of companies and information. This will happen alongside the using of security tools in order to identify the breaches and prevent." With the fast emergence of new technologies and automation, a general feeling among employees is that they fear losing control in this newly-changed work environment. Olivier Hecq, Head of SSC IT, Societe Generale European Business Services stated that "There is no such thing as zero risk in the new cyber world but the security issues should be in focus all the time." The opinion is shared by Liviu Lazarescu, IT Delivery Head for Romania Operations, Wipro Technologies: "More should be done in the awareness part of security. Each company has its own way of dealing with security, according to its needs. We need to address real-life scenario implementation for the benefit of finding the best security solutions." The young generation changes the entire work environment, by bringing new customs, habits and work patterns. For instance, as underlined by Mihaela Dobre, Learning & Development Manager EMEA, Stefanini, the young generation is very keen on work flexibility, which also implies working from home. "And working for home is a sensitive option, at many levels, including the security matter. "

Representing CIMA - Chartered Institute of Management Accountants, Daniel Idzkowski, Associate Director – Global Corporate Relations underlined the need to better address the real digital threats: "We need to address cybersecurity, designing and implementing Cybersecurity frameworks, cyber maturity assessments; organisational design for cybersecurity; Cloud security; design and rollout of cybersecurity processes such as Incident Management, Intrusion Detection, and Security Monitoring. Also, concepts such as vulnerability assessment, application and network penetration testing, wireless security, mobile security, and system security testing should be implemented and put on the first-page of companies' agendas." Money hurts According to a report issued by Accenture - "Building Confidence: Solving Banking's Cybersecurity" - many senior bank executives are confident about their cybersecurity strategy, yet a lack of comprehensive, practical testing is leaving gaps in their defence.
The report was based on a global survey of 275 senior security executives across the banking and capital markets sectors. It found that 78 per cent of executives surveyed expressed confidence in their overall cybersecurity strategy, with more than half the respondents indicating high levels of comfort in their ability to identify the cause of a breach, measure the impact of a breach and manage the financial risk due to a cybersecurity event (cited 51 per cent, 51 per cent and 50 per cent, respectively). However, the analysis also points to ongoing security challenges for banks. For example, in addition to the many phishing, malware and penetration attacks that banks around the world receive each day on average, respondents reported that their banks had experienced 85 serious attempted cyber breaches each year. Of these, about one third (36 per cent) were successful, meaning at least some information was obtained through the breach. In these instances, it took 59 per cent of banks several months to detect breaches that occurred.

Additionally, nearly half (48 per cent) of respondents cited internal breaches as having the greatest cybersecurity impact and 52 per cent indicated a lack of confidence in their organization's ability to detect a breach through internal monitoring. "Bank executives are clearly confident when it comes to their cybersecurity capabilities, but there is still much work to be done," said Chris Thompson, senior managing director and head of financial services cybersecurity and resilience, Accenture Security. "Most cybersecurity assessment programs, while well-intentioned, are highly theoretical and based on known cyberattack practices. The reality, however, is very different. Fast-moving, dynamic threats are creating new challenges every day. Banks should focus on deploying practical testing scenarios that focus inside the perimeter to ultimately make the crooks' job as difficult as possible." While banks' security teams detected a high number of each company's breaches, virtually all (99 per cent) of respondents said they learned about the remainder of the breaches from their own employees, pointing to the critical importance of establishing strong awareness, strengthening internal training programs and establishing effective internal escalation processes.

According to the report, developing and implementing the right governance model to drive a holistic approach to cybersecurity is critically important in strengthening a firm's external and internal defence capabilities. Developing effective capabilities should be driven by a two-pronged strategy: focused cybersecurity assessments on one hand and comprehensive testing on the other. Banks expect cybersecurity skills shortage The research also points to several areas where respondents foresee a significant skills shortage, including end-point / network security, incident response and vulnerability management (cited by 61 per cent, 53 per cent and 53 per cent, respectively). Thompson added: "Banks have traditionally prioritized their cybersecurity investment around building higher, more secure walls.

But this has often been to the detriment of their internal capabilities. While defending the perimeter is crucial, it's often the people inside the walls that present the biggest risk, but also the biggest weapon in the fight for resiliency." Half of Romanians fear that someone could control their smart devices In the wide and dissimilar world of individual consumers, according to Bitdefender, one of the leading digital security solutions in Romania and worldwide, around 46 per cent of Romanian users are concerned that a potential attacker could take over or control the smart devices they use every day, which exposes them to identity theft, espionage and invasion of privacy. According to the survey conducted by iSense Solutions and ordered by Bitdefender, findings showed that Romanians keep up with the latest in technology and buy different gadgets of the latest generation; 70 per cent of them already own a smartphone, laptop, tablet, smart TV or computer desktops, but almost a quarter of the townspeople hold also gadgets of next generation such as smart watches (24 per cent), surveillance cameras on their dwelling, or child connected to the internet (21 per cent), e-readers (20 per cent), game consoles (15 per cent) or fitness bracelets (14 per cent).

Within this landscape, 43 per cent of survey participants said that they are afraid of outside intruders which could steal their private information stored on the smart devices - photos, videos, programs and personal documents - and a quarter are concerned that a stranger could turn on the web camera or the microphone of different devices and record everything that happens in privacy. According to experts in cyber security at Bitdefender, these vulnerabilities allow attackers to easily compromise the home-based Internet network, relying on the fact that many users are not aware of the dangers they face being surrounded by smart devices connected to Internet. Most of the problems identified are common and already known, the experts say, some for more than four years. This shows that the devices' producers are not interested in running complex security algorithms nor in constantly varying the software updates, even though some gadgets have long lasting service lives.

Typically, the access credentials are very weak, so that attempts to break the passwords are successful in an average of one out of four cases. The study also shows that Romanian users are not keen in updating their operations systems installed on different devices, even if they use some of them frequently, such as smartphones or computers. Hence, 20 per cent of laptop users and half of smart TV owners haven't operated an update to their software to the most recent version, blaming the lack of time or technical knowledge. "In the absence of such updates, the Romanian users should be aware of the fact that access to personal data can be easily achieved," said Bogdan Botezatu, cyber security specialist at Bitdefender. He added that smart devices collect enormous data volumes, from location, habits, lifestyle and behaviour, to passions, beliefs, health status or political views and considering that an intruder could have access to all these data, the worries voiced by users are valid.

Bad habits die hard

More than half of Romanians use the same passwords for all accounts and devices while 29 per cent use several passwords changed at certain period of times. The specialists in cyber security warn of the risk of using the same password, mostly formed only by letters and recommend replacing them with combinations of letters, numbers and symbols, as well as changing them on regular basis. According to data, the number of devices connected to Internet beat the milestone of six billion units registered at the end of 2016 and the estimations show that the industry will continue to develop in this direction at a fast pace. The iSense Solutions study has been developed following a survey conducted in Romania, US, UK, Germany, France, and Australia at the end of 2016 and questioned over 2,000 respondents, with a trust level of 95 per cent and error margin of five per cent.

Also in 2016, about one third of Romanian Internet users (31 per cent) provided online personal data, half the registered average at the level of the European Union (UE), which stands at 71 per cent, as revealed in the results of a study developed by Perceptum research company. According to them, last year, only 15 per cent of Romanians who surfed online refused to provide personal data to be used for advertising purposes, as compared to an 80 per cent European average. The same percentage of Romanian Internet users limited access to their personal profile or their own content placed on social networks, as compared to a 40 per cent average of the EU. Only four in ten Romanians (38 per cent) are aware of the existence of these files and the data they offer: valuable feedback on user preferences in terms of shopping, information sources, vacations and more.

According to the cited source, at 2016 levels, nearly 24 per cent of Romanian Internet users have read the privacy policies of sites (37 per cent the EU average), and 70 per cent of those who surfed online have done so from mobile phones or smartphones and 26 per cent from tablets. The data used in the specialized research were issued by the European Statistics Office (Eurostat) during December 2016 - February 2017. Sensitive industries require even more protection and this is more visible in the case of industries that also act as strategic sectors, such as energy.

No wonder that lately, more and more partnerships and memorandums of understandings have been signed between large organizations and IT solutions providers. In April this year, Atos and Siemens announced they had entered into a Memorandum of Understanding (MOU) and will leverage their portfolios to help customers establish an integrated first line of defence against cyber-attacks. Siemens and Atos work together in the area of cybersecurity for industrial companies, providing customers in the manufacturing and processing industries with comprehensive security services and products, the companies said in a press release. The Atos and Siemens partnership in the US is part of a global agreement around cybersecurity including common go-to-market and shared research and development efforts to target Information Technology (IT) and Operational Technology (OT) security for any market.

As utilities increasingly use software to become more efficient and reliable, there is a corresponding need to boost cyber defences – going beyond compliance regulations to secure operations. In oil and gas, digitalization brings a convergence of IT and OT connectivity that enables data to travel from the field, to the control room to the enterprise network – underscoring the need for a unique set of solutions to address the crossover between IT and OT.

A recent study from the independent Ponemon Institute shows that nearly 70 per cent of US oil and gas cyber managers said their operations have had at least one security compromise in the past year, resulting in the loss of confidential information or OT disruption – highlighting the need for the oil and gas industry to increase its cyber defences. "We are pleased to have the opportunity to expand the Siemens and Atos relationship as US utilities, oil and gas industries are realizing the extent of cybersecurity challenges when moving into a digitized and connected ecosystem," said Michel Alain Proch, Group Senior Executive V.P. and CEO North America, Atos. "With our combined end-to-end suite of solutions and innovative approaches to security analytics and better detection and response capabilities, customers will see tangible advantages in cost and risk reductions, as well as enhanced performance and flexibility gains.As the energy industry benefits from digital technologies and solutions, there is a need to guard against growing cyber threats. This new cooperation is part of our broad effort to deliver cybersecurity solutions to America's energy sector. By bridging operational technology and information technology capabilities, we can strengthen our customers' defences against costly and disruptive attacks," said Judy Marks, CEO Siemens USA and Executive Vice President of New Equipment Solutions for Dresser-Rand.


0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
 
Your email address will not be published.
Nickname
Email
Comment
Validation Code
   
 
 
NEWS
Stefanini named Eliza Irimia Financial Director for the EMEA region

Eliza Irimia joined Stefanini IT solutions company, with operations in 39 countries and 88 offices around the world, as Financial Director for EMEA. From this position, Eliza will coordinate the company's finan

 Read Full article »
The business environment - invited to get involved in the development of future employees

Over 5,400 Romanian young people have participated in the Duke of Edinburgh's International Award program in Romania (DofE) over the past six years, the personal development program that gives young people aged

 Read Full article »
Oracle study: Moving To IaaS is fundamental to remaining competitive

Research reveals benefits of Cloud Infrastructure established as a clear differentiator. A survey of 1,600 senior IT professionals explores the benefits and misconceptions surrounding IaaS adoption, according

 Read Full article »
Mihnea Diaconu appointed development manager at Webhelp

Webhelp Romania aims to consolidate and develops its local operations by hiring Mihnea Diaconu as Business Development Director.

 Read Full article »
The biggest FAB LAB from Romania has been opened in Iasi

Based on a concept made by the Miolk team, Fab Lab Iasi has a surface of over 700 sqm and it offers different scenarios for flexible use of the space (competition areas, co-working, makerspace, teaching rooms,

 Read Full article »
Deutsche Bank makes its computer code publicly available for the first time

Deutsche Bank announces it aims to create a common industry standard for trading technology by making its own computer code publicly available for the first time.

 Read Full article »
Deloitte: Leadership disrupted: Pushing the boundaries 2017 Global Human Capital Trends

According to a study of this year conducted by consultancy company Deloitte, today, Many organizations need a completely different kind of leader: a "digital leader" who can build teams, keep people connected a

 Read Full article »
Coface Technologies team already employs 30 specialists in core business applications

Six months after the inauguration of the IT development centre in Bucharest, Coface Technologies has already formed its first functional teams and has also launched the first successful projects, such as the au

 Read Full article »
Pavel Campan appointed as the new Vice-President of Operations for TELUS International Romania

Pavel Campan has been named Vice-President of Operations for TELUS International Romania. This appointment comes at a time when the company is about to reach 1,500 team members locally.

 Read Full article »
Roxana Tesiu appointed as the new Vice-President of Human Resources for TELUS International Europe

Roxana Tesiu has been named Vice-President Human Resources of TELUS International Europe. In her new role, she will lead the HR teams in both Romania and Bulgaria, at a time when the number of team members in b

 Read Full article »
 
MOST RECENT VIDEO
 
 
MOST READ ARTICLES
» Pavel Campan appointed as the new Vice...
» Roxana Tesiu appointed as the new Vice...
» ROMANIAN OUTSOURCING AWARDS FOR EXCELL...
» Manpower:Romania has world's third hig...
» Oracle study: Moving To IaaS is fundam...
» Molson Coors started to grow its busin...
» Comdata to buy four subsidiaries of Fr...
» SII Romania moves to a new office in A...
» The business environment - invited to ...
» PwC: The competitive advantages of Rom...
 
EDITOR CHOICE
Wipro launches automotive center of excellence in Romania

Wipro Limited, global information technology, consulting and business process services company, announced the launch of an Automotive Center of Excellence (CoE) in Timisoara, Romania. This CoE will help Wipro d

 Read Full article »
TELUS International Europe: The convergence of customer service and digital marketing/NewGen technologies: What does it mean for businesses?

Technology shapes the way we educate, communicate, conduct business and advance science, all while maintaining significant influence on the global economy. But the way we engage with technology is changing

 Read Full article »
Stay updated on People in Shared Services and Outsourcing Forum, October 19

Outsourcing Today organizes the third edition of People in Shared Services and Outsourcing Forum, on October 19, 2017 in Bucharest at Caro Hotel.

 Read Full article »
Preparing for the new future

Business shared services in Romania is by nature a flexible, mobile and diverse community and in this context, local markets develop their own particularities to address the global changes, to adjust to new dem

 Read Full article »
Latest News  
 
about us | newsletter | contact | members area
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events