Latest News  

Addressing the mantra of cyber-security: Confidentiality, integrity and availability

The fast advancement of technology in all the aspects of everyday life, either personal or professional, and the emerging of AI (Artificial Intelligence) and ML (Machine Learning), not to mention cloud technologies, are a double-sided coin, as it also creates new and more and more sophisticated opportunities for hackers to detect breaches in the security systems of companies, institutions and personal gadgets.

2019-06-27 22:51:12

According to Sergiu Zaharia, Technology Architect and Cyber Security Expert with BearingPoint, "old-school security experts remember the times when information security had just three well-known dimensions: confidentiality, integrity and availability. Each dimension was explained by association with a specific sector. The confidentiality was more linked to federal organizations, defence and intelligence, which had to apply people screening, handling procedures and the best encryption algorithm to reduce risk of secret information leakage. Integrity was more associated with banking, as transactions had to be trusted by the involved entities. The availability has been the characteristic of the telco sector, which had to ensure the infrastructure SLAs of the so-called ICS (Information and Communication Systems)."

Zaharia added that now, the three dimensions are of intertwined importance. "The attack vectors are multi-dimensional, so it's not enough ¬to focus on confidentiality or availability. You need to triple your effort and skills matrix to cover all of them. Focus is now on infrastructure resiliency, as with a data security platform. To add more pressure, GDPR is now actively present through huge fines already applied to big players. Some of them provide security products and services to global organizations. Less security-aware organizations now have a reason to fear, and I think towards the example of medical entities. The increase in successful attacks targeting medical data from hospitals and research institutes, which didn't used to be targets, are raising concerns about how these institutions are able to protect their patient information?"

"We observe more care for message authentication, source and origin verification, to reduce risk of illegitimate communications with third parties or IoT infrastructure components. Connected cars are pioneering this "paranoid" approach, after cars have been proven to be hackable from kilometres away. Are you willing to start your car via your smart phone or to accelerate through voice commands? You need an extra level of identification, authentication, and trust. To mitigate credential stuffing, corporate accounts have started to use strong authentication for non-privileged users and to implement tiering and segmentation, not only at data level but also at network or AD infrastructures," says BearingPoint's Sergiu Zaharia.

According to the manager, data limitation is key. "We see mature organizations limiting their sensitive information and making detailed inventories of information flows. Supported by technologies like DLP, DAM and EUBA, data communications are monitored, and their legitimacy is verified, even reactively. Quantum cryptography threatens our already encrypted data. NIST announced the finalists for Post Quantum crypto algorithms, which will protect us after ten years, but we should limit the data with protection needs before then, as some traffic may be re-routed to countries with highly skilled crypto-experts and computing power, in order to be decrypted later," Zaharia explains.

"On the Romanian side, we see a growing trend in implementing supporting data security technologies and processes. As this year we expect targeted attacks against electoral systems, where actionable data of citizens along with their political preferences is handled, we will face an increased wave of individual and state organization breaches. Fortunately, we have well recognized security experts, able to make the best use of supporting technologies to detect and mitigate persistent threats targeting EU and NATO countries. Once again, situational awareness, incident management, and crisis preparedness will show their capabilities," Zaharia adds.

According to a TechSci Research report, "Romania Managed Security Services Market By Deployment Mode, By End User, By Application, Competition Forecast and Opportunities, 2012 - 2022", the managed security services (MSS) market in Romania is projected to surpass 160 million USD by 2022, on account of growing concerns pertaining to compromised IP addresses in BFSI, IT & telecom, retail and government sectors. Rising demand for managed security services from various sectors across the country can be attributed to the increasing need to adopt various cyber security measures to safeguard sensitive data. Moreover, implementation of government initiatives to create a solid framework to monitor and prevent cyberattacks coupled with the growing need to support large individual players in utilizing managed security services to safeguard their IT infrastructure is projected to propel growth in Romania managed security services market during the forecast period.

85 percent of all interactions will be automated (Oracle)

100 percent data-centre replacement is only possible when cloud solutions are afforded at least the same level of reliability and performance as on-premises technology. Everything you run in the cloud needs to be secure from core to edge, leveraging the latest advances in automation technology. The design principles for many first-generation clouds were opportunistic: commodity servers, storage, network, shared tenancy, and best-efforts management. These early capabilities successfully captured the market's attention for low-risk workloads," the Oracle study cites.

According to Bearing Point's manager, cloud providers put a lot of effort in promoting their services, along with cloud associations. "I played an honorific role as Chair of Cloud Security Committee in one of them, and I remember that even in 2012 we had events promoting cloud environments as secure platforms, with even better resilience and protection than the traditional on-premise datacenters at that time. And perception has changed a lot since then, as we also see the previously more reluctant players in the private sector embracing cloud services, and I'm looking at banks. We should not forget the regulatory bodies in banking and data protection which have adapted their rules, an important move toward cloud adoption by the finance sector," Sergiu Zaharia says.

89 percent of finance teams yet to embrace Artificial Intelligence

According to Zaharia, there is no surprise that machine learning and artificial intelligence already plays a strong role in ensuring cyber security. "We've seen last year, on the other side, the potential for using these systems maliciously, by including less detectable malware in neural networks or using adversarial examples against pattern recognition algorithms. Theoretical concepts are already there, ready to be used against newly developed AI weapons expected to appear in 2019 as the ‘intelligent' cold war seems inevitable. An important part of cyber security experts is now getting familiar with machine learning concepts, as a new requirement of their always dynamic profession. Mathematicians and AI research engineers will be more and more involved in cyber security topics, and hopefully will help us prepare the defence against smart weapons. If I can give some advice to my security peers, I would recommend them to go back to universities and network with their professors," Zaharia says.

In this context, a report by the Association of International Certified Professional Accountants and Oracle shows that almost 90 percent of finance teams do not have the skills to support digital transformation. Finance teams lack the digital skillset to embrace the latest advancements in artificial intelligence, causing a negative impact on revenue growth.

The study of more than 700 global finance leaders found that despite a clear correlation between the deployments of AI and revenue growth, 89 percent of organizations have not deployed AI in the finance function and only ten percent of finance teams believe they have the skills to support the organization's digital ambitions.

The report, titled "Agile Finance Unleashed: The Key Traits of Digital Finance Leaders", highlights that 46 percent of tech-savvy finance leaders report positive revenue growth, compared with only 29 percent of tech-challenged leaders. Furthermore, organizations that have seen revenue growth are more likely to be deploying artificial intelligence compared to those where revenues are flat or declining. However, only 11 percent of finance leaders surveyed have implemented artificial intelligence in the finance function, and 90 percent say their finance team does not have the skills to support enterprise digital transformation.


"However, individuals are the first impacted, as personal traffic may take unimaginable routes to countries or cyber criminals who know how valuable it is to control people's data. National security agencies know how to deal with this and seem more prepared to act as targets. Highly disruptive like the recent DDoS attack of 500 million packets per second, with different flavours such as ransomware which can block all identities of a global corporation, or a newcomer, the apparently less-disruptive crypto-mining which seems to be more accepted as a computing resource parasite, all infrastructure-related incidents continue to make a lot of noise in the media as well as financial losses. We see a lot of investments in hunting threats living in internal infrastructures, based on indicators of compromise and actionable threat intelligence feeds. This trend is the result of more advanced and targeted attacks using network, identity management, systems and applications vulnerabilities along the entire supply chain," Sergiu Zaharia adds.

The second category in which Romania ranks above the world average is the average monthly percentage of devices that face the illicit mining of cryptocurrency. Thus the world average reaches 0.11 percent, while in Romania it is 0.26 percent. On the same segment, the Czech Republic has a rate of 0.09 percent, while Serbia exceeds the world average with 0.23 percent.

Microsoft Security Intelligence shows that ransomware attacks dropped by up to 73 percent at world levels in 2018, this being the result of passing onto new methods of cyber-attacks, such as mining cryptocurrencies.

At the same time, phishing continues to be the method preferred by cyber attackers, while the graph of phishing emails detected in the total volume of emails analyzed by Microsoft in the whole world shows an average of 0.38 percent in 2018, growing toward the end of the year when in November it was 0.55 percent at world level. The Microsoft report analyzed over 6.5 billion security incidents that go through the Microsoft cloud every day and collected data from thousands of security researchers.

"Newcomers are always unprepared for being a target, as is the case of cryptocurrency players. The name itself sounds like a more secure environment, as it is based on cryptography, the fundament of cyber security. However, I remember when being a young military engineer in the crypto research unit that a crypto-system was only as secure as its key management process and its implementation. Not the algorithm itself, but processes around made possible the first crypto hack in 2018 in a total value of more than half a billion dollars. Just in one hack, as result of one vulnerable hot wallet! And this is the start. This year we will more probably see an increase in crypto-hacks with a temporary loss of attractivity for this type of virtual coins, but also more security services meant to protect coins, distributed ledgers with adapted security concepts," Zaharia adds.


Expectations for this year in terms of cyber security

According to Sergiu Zaharia, social engineering continued to grow and covered all channels, from the naïve user at home who believes nobody targets him or her personally, to the engineers or bankers reaching the virtual "water hole", and culminating this year with the "hunting" of highly important political targets' iPhones by former intelligence members, as was the case in the recently discovered Operation Karma. All these attacks, once materialized, reach the individual devices or corporate infrastructures, and propagate until the point of success. "I define ‘point of success' as the attacker gaining access to the desired information, to disrupt the disliked service or to increase the amount of money in the personal account. When we speak about data security, we should always consider the supporting infrastructure for data in storage or transit. We start this year with a global manifestation of DNS system vulnerability, to confirm the increasing trend of successful infrastructure attacks. It seems to unaware individuals that they are not part of this hurricane. At the end, they cannot secure the global DNS footprint," Sergiu Zaharia says.

The BearingPoint manager says that supply chain vulnerabilities are increasingly impacting manufacturing players and other organizations trusting their business processes to third party components. "We observed in 2018 an increased focus on testing applications on the entire chain, from third party libraries that present published vulnerabilities, to open source code composing binaries, all in conjunction with the static analysis of software developed internally. Connected cars, planes or just Industry 4.0 plants cannot afford to rely on vulnerable pieces of software built into the IoT components or supporting applications delivered by their trusted suppliers. This year will be the one of application security, as more and more organizations will develop their ability or will outsource code security analysis to near-shore MSSPs," Sergiu Zaharia concludes.


0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
 
Your email address will not be published.
Nickname
Email
Comment
Validation Code
   
 
 
NEWS
JLL: Total office space in Bucharest to reach 3 million sqm

The second quarter of 2019 reconfirmed the increased interest for the office market in Romania. Over 115,000 square meters of office space were leased over this period at the national level, a value similar wit

 Read Full article »
Horváth & Partners launches Steering Lab, Big Data and Machine Learning-based excellence center

Management consultant Horváth&Partners announced it launched an excellence center in Romania, Steering Lab, AI-based and using tools of Big Data and Machine Learning.

 Read Full article »
Colliers International takes over the property management of Vastint's Business Garden Bucharest

The real estate consultancy company Colliers International will be in charge with the property management of the office compound Business Garden Bucharest, developed by Vastint in Orhideea area in Bucharest.

 Read Full article »
Survey: Romanians switch to a lower-paying job for other advantages

One out of five Romanians took at least once throughout their career a lower-paying job and two out of five would take a lower-paying job in exchange for other advantages they see as more valuable, a survey con

 Read Full article »
Fujitsu named a leader in Gartner Magic Quadrant for Data Center Outsourcing and Hybrid Infrastructure Managed Services, Europe

Gartner has once again named Fujitsu a Leader in the 2019 Gartner Magic Quadrant for Data Center Outsourcing and Hybrid Infrastructure Managed Services, Europe. This is the seventh consecutive year that Fujitsu

 Read Full article »
KKR enters exclusive negotiations with GBL for Webhelp Group

KKR, a leading global investment firm, announces it has entered into exclusive negotiations to sell a majority stake in the Webhelp group to Groupe Bruxelles Lambert (GBL). GBL will invest alongside Webhelp's

 Read Full article »
TELUS International continues to grow in Bucharest

In order to support the extensive hiring planned for TELUS International in Bucharest this year, the company has acquired 1,200 sqm more space, in addition to the 8,800 sqm office space it has in AFI Park.

 Read Full article »
EY: Four out of five companies plan to reduce their legal spend over the next two years

Eighty-two percent of companies plan to reduce their legal function costs over the next two years, with 42 per cent of respondents planning on doing so by more than 10 per cent, according to a new report releas

 Read Full article »
ANCOM: About 15 million connections affected by security

About 15 million connections were affected in 2018 by security incidents that had in view the security and integrity of electronic communications networks and services, most of them being about mobile telephony

 Read Full article »
PwC Report: In ten years, digital transformation will impact 600,000 jobs in Romania

Over the next ten years, the digital transformation generated by new technologies will affect 600,000 jobs in Romania, according to the PwC's Workforce Disruption Index, presented on July 2, 2019 at Workforce f

 Read Full article »
 
 
 
MOST READ ARTICLES
» Raiffeisen Bank Romania outsources onl...
» World-class HR organizations now spend...
» Apostoleanu, Oracle: Human talent, mos...
» Oracle results pushed down by a strong...
» Sergiu Negut, on the stage of People i...
» Romanian employers report the stronges...
» ANIS: Romanian IT market annual revenu...
» Bosch Service Solutions to grow 20% Ti...
» Omnichannel: 4 pillars of a purposeful...
» Eucom: Nine out of ten corporate Roman...
 
EDITOR CHOICE
My HR Lab: Research of suitable candidates and giving feedback to rejected ones, the biggest challenge in HR

During June 2019, My HR Lab company run an online (social media platforms) survey "Challenges of the recruitment process" which enrolled over 100 professionals working in HR and recruitment in Romania.

 Read Full article »
The local market needs more added-value and complex projects to be developed by the companies

The statement has been uttered within this year's Romanian Outsourcing and Shared Services Summit by Catalina Dodu, Country Manager at Atos, pointing to the local enablers that could enhance the innovation and

 Read Full article »
The office market at a glance: The round for tenants is on

Data provided by CBRE show that the office spaces segment will continue to grow rapidly in 2019, and 15 new projects covering 304.000 sqm will be delivered. According to the real estate consultancy agency, curr

 Read Full article »
People Empowering Business Forum 2019 to take place on October, 30 at Bucharest

Latest trends like demographic upheaval, globalization, digital technology, and changing social values and worker expectations, are disrupting business models and radically changing the workplace. These are req

 Read Full article »
Addressing the mantra of cyber-security: Confidentiality, integrity and availability

The fast advancement of technology in all the aspects of everyday life, either personal or professional, and the emerging of AI (Artificial Intelligence) and ML (Machine Learning), not to mention cloud technolo

 Read Full article »
Latest News  
 
about us | newsletter | contact | members area | GDPR policy
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events