Editor’s choice
Cyber attacks are putting compliance at risk
In this article, Yuval Porat, co-founder and CEO of KAZUAR, an Israeli cyber security start-up developing a holistic cyber security platform that provides businesses with intelligence-grade security to address the new level of cyber threat, discusses the risks that cyber attacks pose to industry and explains how businesses can protect their assets.
We hear every day about the cyber security threat and in a more digitised world, it is now more important than ever to understand the true threat to industries that have strict rules and regulations in place. This is because the fallout of an attack goes way beyond earning the organisation a fine for not being compliant or minor financial loss. A new wave of cyber criminals, using new types of cyber attacks, with new motivations for carrying them out, can at best cause operational disruption and at worst lead to fatalities. And between those outcomes, there is a range of other business implications, such as damage to brand reputation, exposure of critical and private data and significant financial loss.
To understand more, it is important to provide a bit of background. Today’s cyber criminals are highly skilled, well funded and extremely innovative, unencumbered as they are by legislation and regulation. They include ex-members of leading global intelligence agencies who have worked for nation states, developing new ways to hack and disrupt systems. And, while they are not regulated, these criminals are as organised and professional as leading experts in nation-state organisations. As a result, cyber attacks have reached new levels of sophistication: they bring a wide and deep research base, greater technological innovation, exploitation of unprotected layers, better operational capabilities, long-term planning and the ability to orchestrate multi-dimensional attacks that target software and hardware, both on the endpoint and the server-side.
To show the true extent of the modern-day threat, let us take the energy industry as an example. A heavily regulated sector that is rich in resources to invest in cyber security, its traditionally ‘linked-up’, large-scale approach meant that once an issue was discovered, it could be isolated and resolved before it spread to the wider network. However, with the new trend towards digitalised, decentralised service provisions providing alternative energy, the energy sector is open to new opportunists: there is almost an unlimited number of targets for them and it is now much harder to protect every separate plant to a high level. The move towards a “smart grid” also turns the digital “oil field” into a network of data. This data is a highly attractive asset, which can be used by attackers to threaten both security and privacy. In short, there are more targets, so more data to be accessed, giving criminals more motivation to exploit those targets, leading to an increased threat to security and privacy.
Furthermore, criminals are still also targeting employees and third-party partners as a way to access networks. No organisation can assume all its employees have the same level of understanding regarding the sophistication of the attacks that could target them, as a way into the network – and they certainly cannot be sure third-party partners and contractors have the same level of security applied to their systems. A recent survey by BAE Systems, for example, found that 71 per cent of organisations had been affected by phishing scams enabled by employees and 65 per cent had been targeted by viruses and malware that was opened by mistake.
This issue is compounded further if a security system is too complicated or clunky to use. With busy days and deadlines to meet, if the cyber security system is not user-friendly, workers will bypass the protocol in place to expedite their tasks and finish their workload.
Unfortunately, all current security systems are failing by design. They do not take into account the changing nature and sophistication of attacks because they were created based on a different threat assessment – before the profitability of stealing data and causing disruption existed. And, maybe most importantly, different solutions do not work together. Currently, the foundation for cyber security is based on the integration of separate products, largely software, with each designed to protect a specific part of the system against a specific type of known threat. So while this application-specific security software may be getting better, it does not cater for weaknesses outside of the threat it tackles.
The cyber security industry needs to develop a comprehensive, holistic solution, from keyboard to cloud, that keeps sensitive data safe without disrupting the usability of data. It will require expertise from regulators, legislators and organisations to create a universally recognised standard of protection. The industry is not quite there yet, but hopefully by explaining how cyber criminals are thinking and how security could be approached differently, organisations will start to plan for the new era of cyber threats that require a new approach to stopping them in their tracks.
KAZUAR
www.kazuar-tech.com
August 2019 Instrumentation Monthly