Latest News  

Addressing the mantra of cyber-security: Confidentiality, integrity and availability

The fast advancement of technology in all the aspects of everyday life, either personal or professional, and the emerging of AI (Artificial Intelligence) and ML (Machine Learning), not to mention cloud technologies, are a double-sided coin, as it also creates new and more and more sophisticated opportunities for hackers to detect breaches in the security systems of companies, institutions and personal gadgets.

2019-06-27 22:51:12

According to Sergiu Zaharia, Technology Architect and Cyber Security Expert with BearingPoint, "old-school security experts remember the times when information security had just three well-known dimensions: confidentiality, integrity and availability. Each dimension was explained by association with a specific sector. The confidentiality was more linked to federal organizations, defence and intelligence, which had to apply people screening, handling procedures and the best encryption algorithm to reduce risk of secret information leakage. Integrity was more associated with banking, as transactions had to be trusted by the involved entities. The availability has been the characteristic of the telco sector, which had to ensure the infrastructure SLAs of the so-called ICS (Information and Communication Systems)."

Zaharia added that now, the three dimensions are of intertwined importance. "The attack vectors are multi-dimensional, so it's not enough ¬to focus on confidentiality or availability. You need to triple your effort and skills matrix to cover all of them. Focus is now on infrastructure resiliency, as with a data security platform. To add more pressure, GDPR is now actively present through huge fines already applied to big players. Some of them provide security products and services to global organizations. Less security-aware organizations now have a reason to fear, and I think towards the example of medical entities. The increase in successful attacks targeting medical data from hospitals and research institutes, which didn't used to be targets, are raising concerns about how these institutions are able to protect their patient information?"

"We observe more care for message authentication, source and origin verification, to reduce risk of illegitimate communications with third parties or IoT infrastructure components. Connected cars are pioneering this "paranoid" approach, after cars have been proven to be hackable from kilometres away. Are you willing to start your car via your smart phone or to accelerate through voice commands? You need an extra level of identification, authentication, and trust. To mitigate credential stuffing, corporate accounts have started to use strong authentication for non-privileged users and to implement tiering and segmentation, not only at data level but also at network or AD infrastructures," says BearingPoint's Sergiu Zaharia.

According to the manager, data limitation is key. "We see mature organizations limiting their sensitive information and making detailed inventories of information flows. Supported by technologies like DLP, DAM and EUBA, data communications are monitored, and their legitimacy is verified, even reactively. Quantum cryptography threatens our already encrypted data. NIST announced the finalists for Post Quantum crypto algorithms, which will protect us after ten years, but we should limit the data with protection needs before then, as some traffic may be re-routed to countries with highly skilled crypto-experts and computing power, in order to be decrypted later," Zaharia explains.

"On the Romanian side, we see a growing trend in implementing supporting data security technologies and processes. As this year we expect targeted attacks against electoral systems, where actionable data of citizens along with their political preferences is handled, we will face an increased wave of individual and state organization breaches. Fortunately, we have well recognized security experts, able to make the best use of supporting technologies to detect and mitigate persistent threats targeting EU and NATO countries. Once again, situational awareness, incident management, and crisis preparedness will show their capabilities," Zaharia adds.

According to a TechSci Research report, "Romania Managed Security Services Market By Deployment Mode, By End User, By Application, Competition Forecast and Opportunities, 2012 - 2022", the managed security services (MSS) market in Romania is projected to surpass 160 million USD by 2022, on account of growing concerns pertaining to compromised IP addresses in BFSI, IT & telecom, retail and government sectors. Rising demand for managed security services from various sectors across the country can be attributed to the increasing need to adopt various cyber security measures to safeguard sensitive data. Moreover, implementation of government initiatives to create a solid framework to monitor and prevent cyberattacks coupled with the growing need to support large individual players in utilizing managed security services to safeguard their IT infrastructure is projected to propel growth in Romania managed security services market during the forecast period.

85 percent of all interactions will be automated (Oracle)

100 percent data-centre replacement is only possible when cloud solutions are afforded at least the same level of reliability and performance as on-premises technology. Everything you run in the cloud needs to be secure from core to edge, leveraging the latest advances in automation technology. The design principles for many first-generation clouds were opportunistic: commodity servers, storage, network, shared tenancy, and best-efforts management. These early capabilities successfully captured the market's attention for low-risk workloads," the Oracle study cites.

According to Bearing Point's manager, cloud providers put a lot of effort in promoting their services, along with cloud associations. "I played an honorific role as Chair of Cloud Security Committee in one of them, and I remember that even in 2012 we had events promoting cloud environments as secure platforms, with even better resilience and protection than the traditional on-premise datacenters at that time. And perception has changed a lot since then, as we also see the previously more reluctant players in the private sector embracing cloud services, and I'm looking at banks. We should not forget the regulatory bodies in banking and data protection which have adapted their rules, an important move toward cloud adoption by the finance sector," Sergiu Zaharia says.

89 percent of finance teams yet to embrace Artificial Intelligence

According to Zaharia, there is no surprise that machine learning and artificial intelligence already plays a strong role in ensuring cyber security. "We've seen last year, on the other side, the potential for using these systems maliciously, by including less detectable malware in neural networks or using adversarial examples against pattern recognition algorithms. Theoretical concepts are already there, ready to be used against newly developed AI weapons expected to appear in 2019 as the ‘intelligent' cold war seems inevitable. An important part of cyber security experts is now getting familiar with machine learning concepts, as a new requirement of their always dynamic profession. Mathematicians and AI research engineers will be more and more involved in cyber security topics, and hopefully will help us prepare the defence against smart weapons. If I can give some advice to my security peers, I would recommend them to go back to universities and network with their professors," Zaharia says.

In this context, a report by the Association of International Certified Professional Accountants and Oracle shows that almost 90 percent of finance teams do not have the skills to support digital transformation. Finance teams lack the digital skillset to embrace the latest advancements in artificial intelligence, causing a negative impact on revenue growth.

The study of more than 700 global finance leaders found that despite a clear correlation between the deployments of AI and revenue growth, 89 percent of organizations have not deployed AI in the finance function and only ten percent of finance teams believe they have the skills to support the organization's digital ambitions.

The report, titled "Agile Finance Unleashed: The Key Traits of Digital Finance Leaders", highlights that 46 percent of tech-savvy finance leaders report positive revenue growth, compared with only 29 percent of tech-challenged leaders. Furthermore, organizations that have seen revenue growth are more likely to be deploying artificial intelligence compared to those where revenues are flat or declining. However, only 11 percent of finance leaders surveyed have implemented artificial intelligence in the finance function, and 90 percent say their finance team does not have the skills to support enterprise digital transformation.


"However, individuals are the first impacted, as personal traffic may take unimaginable routes to countries or cyber criminals who know how valuable it is to control people's data. National security agencies know how to deal with this and seem more prepared to act as targets. Highly disruptive like the recent DDoS attack of 500 million packets per second, with different flavours such as ransomware which can block all identities of a global corporation, or a newcomer, the apparently less-disruptive crypto-mining which seems to be more accepted as a computing resource parasite, all infrastructure-related incidents continue to make a lot of noise in the media as well as financial losses. We see a lot of investments in hunting threats living in internal infrastructures, based on indicators of compromise and actionable threat intelligence feeds. This trend is the result of more advanced and targeted attacks using network, identity management, systems and applications vulnerabilities along the entire supply chain," Sergiu Zaharia adds.

The second category in which Romania ranks above the world average is the average monthly percentage of devices that face the illicit mining of cryptocurrency. Thus the world average reaches 0.11 percent, while in Romania it is 0.26 percent. On the same segment, the Czech Republic has a rate of 0.09 percent, while Serbia exceeds the world average with 0.23 percent.

Microsoft Security Intelligence shows that ransomware attacks dropped by up to 73 percent at world levels in 2018, this being the result of passing onto new methods of cyber-attacks, such as mining cryptocurrencies.

At the same time, phishing continues to be the method preferred by cyber attackers, while the graph of phishing emails detected in the total volume of emails analyzed by Microsoft in the whole world shows an average of 0.38 percent in 2018, growing toward the end of the year when in November it was 0.55 percent at world level. The Microsoft report analyzed over 6.5 billion security incidents that go through the Microsoft cloud every day and collected data from thousands of security researchers.

"Newcomers are always unprepared for being a target, as is the case of cryptocurrency players. The name itself sounds like a more secure environment, as it is based on cryptography, the fundament of cyber security. However, I remember when being a young military engineer in the crypto research unit that a crypto-system was only as secure as its key management process and its implementation. Not the algorithm itself, but processes around made possible the first crypto hack in 2018 in a total value of more than half a billion dollars. Just in one hack, as result of one vulnerable hot wallet! And this is the start. This year we will more probably see an increase in crypto-hacks with a temporary loss of attractivity for this type of virtual coins, but also more security services meant to protect coins, distributed ledgers with adapted security concepts," Zaharia adds.


Expectations for this year in terms of cyber security

According to Sergiu Zaharia, social engineering continued to grow and covered all channels, from the naïve user at home who believes nobody targets him or her personally, to the engineers or bankers reaching the virtual "water hole", and culminating this year with the "hunting" of highly important political targets' iPhones by former intelligence members, as was the case in the recently discovered Operation Karma. All these attacks, once materialized, reach the individual devices or corporate infrastructures, and propagate until the point of success. "I define ‘point of success' as the attacker gaining access to the desired information, to disrupt the disliked service or to increase the amount of money in the personal account. When we speak about data security, we should always consider the supporting infrastructure for data in storage or transit. We start this year with a global manifestation of DNS system vulnerability, to confirm the increasing trend of successful infrastructure attacks. It seems to unaware individuals that they are not part of this hurricane. At the end, they cannot secure the global DNS footprint," Sergiu Zaharia says.

The BearingPoint manager says that supply chain vulnerabilities are increasingly impacting manufacturing players and other organizations trusting their business processes to third party components. "We observed in 2018 an increased focus on testing applications on the entire chain, from third party libraries that present published vulnerabilities, to open source code composing binaries, all in conjunction with the static analysis of software developed internally. Connected cars, planes or just Industry 4.0 plants cannot afford to rely on vulnerable pieces of software built into the IoT components or supporting applications delivered by their trusted suppliers. This year will be the one of application security, as more and more organizations will develop their ability or will outsource code security analysis to near-shore MSSPs," Sergiu Zaharia concludes.


0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
 
Your email address will not be published.
Nickname
Email
Comment
Validation Code
   
 
 
NEWS
Cushman & Wakefield Echinox: StreamWIDE joins the new IT hub created in the Timpuri Noi Square project

StreamWIDE, a company specialized in the software and telecommunications industry, realocates its office in Bucharest in the Timpuri Noi Square project, joining the new IT hub created in the business park devel

 Read Full article »
CBRE: Office deliveries expected to bring new stock of 635.00 sqm, Bucharest to reach 3.9 mln sqm modern office spaces

During 2020–2021 to approx. 635,000 sqm of modern office space are expected to be delivered on market, increasing the Bucharest modern stock at approx. 3.9 million sq m, a step closer to a new a threshold and

 Read Full article »
Uber opens at Bucharest the largest support center to drivers and business partners in CEE

Uber company launched this week in Bucharest the largest center in Central and Eastern Europe that offers assistance to drivers and business partners in Romania, a center where they can contact directly Uber re

 Read Full article »
Samsung and Orange Romania activated the 5G VR Live streaming at Untold Music Festival in Romania

Samsung Electronics and Orange Romania have successfully deployed a 5G New Radio (NR) network to demonstrate a series of 5G use cases at Untold Festival 2019, the largest annual dance music festival in Romania,

 Read Full article »
MVP Lab in Sibiu named as one of Europe's best in the "Ones to Watch" list at European Business Awards

Ropardo MVP Lab has been named as ‘One to Watch' in Europe in a list of business excellence published by the European Business Awards, one of world's largest and longest running business competitions.

 Read Full article »
Endava marks one year since IPO

Endava, one of the most important software companies, present on the local market with 7 delivery centers, reaches an almost double capitalization, 2.07 billion USD, on July 26, 2019, one year after listing. Th

 Read Full article »
Infosys opens cyber defence centre in Bucharest

Infosys, a global leader in next-generation digital services and consulting, announced the launch of its Cyber Defence Centre in Bucharest, Romania. The Defence Centre is an expansion of services delivered thro

 Read Full article »
QuEST Global completes integration of IT Six Global Services

QuEST Global, a global product engineering and lifecycle services company, has successfully completed the integration of IT Six Global Services SRL. QuEST Global acquired IT Six, a software engineering services

 Read Full article »
RE MAX Romania opens three more offices

RE/MAX Romania has expanded its network, adding three new offices – RE/MAX Partners in Cluj, RE/MAX Quality in Sibiu and RE/MAX Prestige in Targu Mures.

 Read Full article »
Microsoft and OpenAI form exclusive computing partnership to build new Azure AI supercomputing technologies

Microsoft Corp. and OpenAI have partnered to further extend Microsoft Azure's capabilities in large-scale AI systems, according to a release of Microsoft.

 Read Full article »
 
 
 
MOST READ ARTICLES
» The value proposition of HR in 2019
» Academic efforts to grow the employee ...
» Iorgulescu, ABSL: Desperately needing ...
» Sweden introduces six-hour work day
» World-class HR organizations now spend...
» Deloitte launched mobile app featuring...
» Apostoleanu, Oracle: Human talent, mos...
» Outsourcing becomes a critical part of...
» CBRE: Outsourcing companies expand mor...
» Hays: Timisoara outsourcing industry f...
 
EDITOR CHOICE
Workplace of the Future conference to take place on November 20th at Bucharest

The Diplomat-Bucharest together with Outsourcing Today organize the 3rd Edition of WORKPLACE OF THE FUTURE, on 20th of November 2019, in Bucharest, at Capital Plaza Hotel.

 Read Full article »
Strategic Talent Acquisition at People Empowering Business Forum on October 30 in Bucharest

Latest trends like demographic upheaval, globalization, digital technology, and changing social values and worker expectations, are disrupting business models and radically changing the workplace. These are req

 Read Full article »
Informal IT School and UiPath launch an educational program for RPA development to start in October

Informal IT School announced a partnership with UiPath to launch an RPA development educational program of five months, 100 hours of courses, five days a week. The program will run in Cluj-Napoca.

 Read Full article »
Impact Hub Bucharest joins 3house to manage three coworking spaces in the city

Impact Hub Bucharest, a coworking spaces manager and developer of accelerator programs and events merged with 3house, a new concept of workplace launched in 2018. By this, Impact Hub reaches 3 locations and 6.7

 Read Full article »
JLL: Total office space in Bucharest to reach 3 million sqm

The second quarter of 2019 reconfirmed the increased interest for the office market in Romania. Over 115,000 square meters of office space were leased over this period at the national level, a value similar wit

 Read Full article »
Latest News  
 
about us | newsletter | contact | members area | GDPR policy
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events