Latest News  

Cybersecurity the sharp (s)word of today

Technology moves the outsourcing services industry - as it does all service industries - towards new horizons, not all of them known. Companies are willing to outsource more, as they are challenged by an increasing need for transparency and fast response to market needs, and the desire for more value at lower costs.

2017-06-15 21:11:55

It's now the moment of younger and smaller technology companies hoping to disrupt incumbent businesses with better service, more innovative products, lower prices, and the ability to respond flexibly to changing customer habits and preferences.

The global technology helps but it comes at a price Increasingly, data security becomes top priority for companies. In light of the most recent technological developments and cybernetic threats, development of new technologies has raised the level of security concerns, while IoT prevalence further intensifies the risks. Thus, 2017 is expected to observe the emergence of Security as a Service, offered by specialized security BPO service providers. Enterprises and outsourcing agencies will strive to protect their data, regardless of its size and location. According to a study conducted by PwC and focusing on cybersecurity and privacy matters, "many organizations are pursuing emerging technologies to develop new products, services, or ways of doing business. However, companies don't always consider the emerging cybersecurity threats that could impact these systems after they're implemented. PwC can help you design transformation strategies with security in mind from the very start, with the foresight to help you see what's on the other side of the leading edge.

Because you don't WannaCry anymore

Among the most recent strike of hackers, the ransomware attack known as WannaCry first struck on Friday, May 12, 2017 and as stated also in the PwC study, "by the following Monday, it had reached more than 200,000 computers in 150 countries. Although we still don't know all the details, it's clear that some organizations were victimized far more severely than others. The news of this episode reinforces a view that we at PwC have promoted for a long time: Effective protection against cyber-attacks has less to do with any particular technological factor, and everything to do with proactive risk management in general." The PwC experts added: "We expect there will be more attacks because the techniques and exploits used to distribute WannaCry were only recently leaked to the world in April 2017 (allegedly from the National Security Agency by an anonymous group called Shadow Brokers). Similar documents (allegedly originally from the Central Intelligence Agency) were published by WikiLeaks in March 2017, and there will probably be more such leaks, not just in the U.S. and Europe, but in countries around the world. Every breach will empower independent parties with tools heretofore held by governments. Ransom, blackmail, surveillance, shutdown, and data manipulation are all more feasible than they were only a few months ago. Lessons learned There are lessons to be learned every time whenever something of these proportions happens.

First, according to specialists of PwC, the need arises for a robust digital hygiene within organizations and individual use. Also, as human errors are many times the trigger of these happenings, the ability to detect intrusive behaviour would also help. "Human error is still the most prevalent means of gaining access to proprietary information. Employees often unwittingly expose data to a cyber-threat actor through a fraudulent email or other socially engineered techniques, thereby giving hackers access to passcodes or other means of entry. Organizations with effective risk management practices rarely release sensitive information to outsiders inadvertently. They are particularly protective of administrative accounts and other privileged information; they make it extremely difficult to obtain the kind of data that would allow someone to take over a system. They are also attuned to detection, learning to recognize the keystroke behaviour common to intruders and isolate it in real time. The one thing they share openly is the data about the intruders they detect; collaboration among security professionals from a wide range of organizations is one of the best defences against cybercrime activity," according to PwC. The study also advises on building a thoughtful design of IT infrastructure and early adoption of cloud technology.

Also, at Outsourcing Today's latest Outsourcing Summit, Mihaela Apostoleanu, Senior Director, Oracle EMEA Business Operations, said that: "Right now, the security challenge is the focus in the software area. The weakness comes from companies. With the volumes of data and people involved at so many levels, the security data is foremost. We need to educate people how to use technologies and social media concerning security data, informing and developing protocols for permits to use the image of companies and information. This will happen alongside the using of security tools in order to identify the breaches and prevent." With the fast emergence of new technologies and automation, a general feeling among employees is that they fear losing control in this newly-changed work environment. Olivier Hecq, Head of SSC IT, Societe Generale European Business Services stated that "There is no such thing as zero risk in the new cyber world but the security issues should be in focus all the time." The opinion is shared by Liviu Lazarescu, IT Delivery Head for Romania Operations, Wipro Technologies: "More should be done in the awareness part of security. Each company has its own way of dealing with security, according to its needs. We need to address real-life scenario implementation for the benefit of finding the best security solutions." The young generation changes the entire work environment, by bringing new customs, habits and work patterns. For instance, as underlined by Mihaela Dobre, Learning & Development Manager EMEA, Stefanini, the young generation is very keen on work flexibility, which also implies working from home. "And working for home is a sensitive option, at many levels, including the security matter. "

Representing CIMA - Chartered Institute of Management Accountants, Daniel Idzkowski, Associate Director – Global Corporate Relations underlined the need to better address the real digital threats: "We need to address cybersecurity, designing and implementing Cybersecurity frameworks, cyber maturity assessments; organisational design for cybersecurity; Cloud security; design and rollout of cybersecurity processes such as Incident Management, Intrusion Detection, and Security Monitoring. Also, concepts such as vulnerability assessment, application and network penetration testing, wireless security, mobile security, and system security testing should be implemented and put on the first-page of companies' agendas." Money hurts According to a report issued by Accenture - "Building Confidence: Solving Banking's Cybersecurity" - many senior bank executives are confident about their cybersecurity strategy, yet a lack of comprehensive, practical testing is leaving gaps in their defence.
The report was based on a global survey of 275 senior security executives across the banking and capital markets sectors. It found that 78 per cent of executives surveyed expressed confidence in their overall cybersecurity strategy, with more than half the respondents indicating high levels of comfort in their ability to identify the cause of a breach, measure the impact of a breach and manage the financial risk due to a cybersecurity event (cited 51 per cent, 51 per cent and 50 per cent, respectively). However, the analysis also points to ongoing security challenges for banks. For example, in addition to the many phishing, malware and penetration attacks that banks around the world receive each day on average, respondents reported that their banks had experienced 85 serious attempted cyber breaches each year. Of these, about one third (36 per cent) were successful, meaning at least some information was obtained through the breach. In these instances, it took 59 per cent of banks several months to detect breaches that occurred.

Additionally, nearly half (48 per cent) of respondents cited internal breaches as having the greatest cybersecurity impact and 52 per cent indicated a lack of confidence in their organization's ability to detect a breach through internal monitoring. "Bank executives are clearly confident when it comes to their cybersecurity capabilities, but there is still much work to be done," said Chris Thompson, senior managing director and head of financial services cybersecurity and resilience, Accenture Security. "Most cybersecurity assessment programs, while well-intentioned, are highly theoretical and based on known cyberattack practices. The reality, however, is very different. Fast-moving, dynamic threats are creating new challenges every day. Banks should focus on deploying practical testing scenarios that focus inside the perimeter to ultimately make the crooks' job as difficult as possible." While banks' security teams detected a high number of each company's breaches, virtually all (99 per cent) of respondents said they learned about the remainder of the breaches from their own employees, pointing to the critical importance of establishing strong awareness, strengthening internal training programs and establishing effective internal escalation processes.

According to the report, developing and implementing the right governance model to drive a holistic approach to cybersecurity is critically important in strengthening a firm's external and internal defence capabilities. Developing effective capabilities should be driven by a two-pronged strategy: focused cybersecurity assessments on one hand and comprehensive testing on the other. Banks expect cybersecurity skills shortage The research also points to several areas where respondents foresee a significant skills shortage, including end-point / network security, incident response and vulnerability management (cited by 61 per cent, 53 per cent and 53 per cent, respectively). Thompson added: "Banks have traditionally prioritized their cybersecurity investment around building higher, more secure walls.

But this has often been to the detriment of their internal capabilities. While defending the perimeter is crucial, it's often the people inside the walls that present the biggest risk, but also the biggest weapon in the fight for resiliency." Half of Romanians fear that someone could control their smart devices In the wide and dissimilar world of individual consumers, according to Bitdefender, one of the leading digital security solutions in Romania and worldwide, around 46 per cent of Romanian users are concerned that a potential attacker could take over or control the smart devices they use every day, which exposes them to identity theft, espionage and invasion of privacy. According to the survey conducted by iSense Solutions and ordered by Bitdefender, findings showed that Romanians keep up with the latest in technology and buy different gadgets of the latest generation; 70 per cent of them already own a smartphone, laptop, tablet, smart TV or computer desktops, but almost a quarter of the townspeople hold also gadgets of next generation such as smart watches (24 per cent), surveillance cameras on their dwelling, or child connected to the internet (21 per cent), e-readers (20 per cent), game consoles (15 per cent) or fitness bracelets (14 per cent).

Within this landscape, 43 per cent of survey participants said that they are afraid of outside intruders which could steal their private information stored on the smart devices - photos, videos, programs and personal documents - and a quarter are concerned that a stranger could turn on the web camera or the microphone of different devices and record everything that happens in privacy. According to experts in cyber security at Bitdefender, these vulnerabilities allow attackers to easily compromise the home-based Internet network, relying on the fact that many users are not aware of the dangers they face being surrounded by smart devices connected to Internet. Most of the problems identified are common and already known, the experts say, some for more than four years. This shows that the devices' producers are not interested in running complex security algorithms nor in constantly varying the software updates, even though some gadgets have long lasting service lives.

Typically, the access credentials are very weak, so that attempts to break the passwords are successful in an average of one out of four cases. The study also shows that Romanian users are not keen in updating their operations systems installed on different devices, even if they use some of them frequently, such as smartphones or computers. Hence, 20 per cent of laptop users and half of smart TV owners haven't operated an update to their software to the most recent version, blaming the lack of time or technical knowledge. "In the absence of such updates, the Romanian users should be aware of the fact that access to personal data can be easily achieved," said Bogdan Botezatu, cyber security specialist at Bitdefender. He added that smart devices collect enormous data volumes, from location, habits, lifestyle and behaviour, to passions, beliefs, health status or political views and considering that an intruder could have access to all these data, the worries voiced by users are valid.

Bad habits die hard

More than half of Romanians use the same passwords for all accounts and devices while 29 per cent use several passwords changed at certain period of times. The specialists in cyber security warn of the risk of using the same password, mostly formed only by letters and recommend replacing them with combinations of letters, numbers and symbols, as well as changing them on regular basis. According to data, the number of devices connected to Internet beat the milestone of six billion units registered at the end of 2016 and the estimations show that the industry will continue to develop in this direction at a fast pace. The iSense Solutions study has been developed following a survey conducted in Romania, US, UK, Germany, France, and Australia at the end of 2016 and questioned over 2,000 respondents, with a trust level of 95 per cent and error margin of five per cent.

Also in 2016, about one third of Romanian Internet users (31 per cent) provided online personal data, half the registered average at the level of the European Union (UE), which stands at 71 per cent, as revealed in the results of a study developed by Perceptum research company. According to them, last year, only 15 per cent of Romanians who surfed online refused to provide personal data to be used for advertising purposes, as compared to an 80 per cent European average. The same percentage of Romanian Internet users limited access to their personal profile or their own content placed on social networks, as compared to a 40 per cent average of the EU. Only four in ten Romanians (38 per cent) are aware of the existence of these files and the data they offer: valuable feedback on user preferences in terms of shopping, information sources, vacations and more.

According to the cited source, at 2016 levels, nearly 24 per cent of Romanian Internet users have read the privacy policies of sites (37 per cent the EU average), and 70 per cent of those who surfed online have done so from mobile phones or smartphones and 26 per cent from tablets. The data used in the specialized research were issued by the European Statistics Office (Eurostat) during December 2016 - February 2017. Sensitive industries require even more protection and this is more visible in the case of industries that also act as strategic sectors, such as energy.

No wonder that lately, more and more partnerships and memorandums of understandings have been signed between large organizations and IT solutions providers. In April this year, Atos and Siemens announced they had entered into a Memorandum of Understanding (MOU) and will leverage their portfolios to help customers establish an integrated first line of defence against cyber-attacks. Siemens and Atos work together in the area of cybersecurity for industrial companies, providing customers in the manufacturing and processing industries with comprehensive security services and products, the companies said in a press release. The Atos and Siemens partnership in the US is part of a global agreement around cybersecurity including common go-to-market and shared research and development efforts to target Information Technology (IT) and Operational Technology (OT) security for any market.

As utilities increasingly use software to become more efficient and reliable, there is a corresponding need to boost cyber defences – going beyond compliance regulations to secure operations. In oil and gas, digitalization brings a convergence of IT and OT connectivity that enables data to travel from the field, to the control room to the enterprise network – underscoring the need for a unique set of solutions to address the crossover between IT and OT.

A recent study from the independent Ponemon Institute shows that nearly 70 per cent of US oil and gas cyber managers said their operations have had at least one security compromise in the past year, resulting in the loss of confidential information or OT disruption – highlighting the need for the oil and gas industry to increase its cyber defences. "We are pleased to have the opportunity to expand the Siemens and Atos relationship as US utilities, oil and gas industries are realizing the extent of cybersecurity challenges when moving into a digitized and connected ecosystem," said Michel Alain Proch, Group Senior Executive V.P. and CEO North America, Atos. "With our combined end-to-end suite of solutions and innovative approaches to security analytics and better detection and response capabilities, customers will see tangible advantages in cost and risk reductions, as well as enhanced performance and flexibility gains.As the energy industry benefits from digital technologies and solutions, there is a need to guard against growing cyber threats. This new cooperation is part of our broad effort to deliver cybersecurity solutions to America's energy sector. By bridging operational technology and information technology capabilities, we can strengthen our customers' defences against costly and disruptive attacks," said Judy Marks, CEO Siemens USA and Executive Vice President of New Equipment Solutions for Dresser-Rand.

0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
Your email address will not be published.
Validation Code
CrowdStrike opens a new center of innovation in Bucharest

CrowdStrike Inc., the leader in cloud-delivered endpoint protection, announced the official opening of its new Center of Innovation in the Pipera Technology District, Bucharest, Romania.

 Read Full article »
Romania leads in top of countries with highest number of cybersecurity incidents

Romania is leader in the top of jurisdictions recording the highest number of cybersecurity incidents with 14 attacks, followed by the Czech republic (11) and Hungary (8), according to the study "The Cybersecur

 Read Full article »
Oracle and KPMG study shows data security as priority for business leaders

In August 2018, Oracle applied a questionnaire with a number of questions about transformation technologies to a total of 4,000 respondents in 21 markets. Respondents were top managers in the following markets:

 Read Full article »
Colt Technology Services expands fibre network in four CEE cities

UK-headquartered Colt Technology Services said that it is expanding its IQ fibre network in Bucharest, Zagreb, Belgrade and Sofia as part of its plan for expansion in Central and Eastern Europe (CEE).

 Read Full article »
SAP Romania brings the cloud procurement solution SAP Ariba on local market

SAP Romania, the local subsidiary of the world's largest business software maker, has launched the SAP Ariba Snap program for the domestic market to support the digitization of specific procurement activities.

 Read Full article »
The software industry's input in Romanian economy was 5.4 billion Euro in 2018

According to the latest analysis of KeysFin, 17,000 companies operating in the Romanian software industry generate EUR 5.4 billion in turnover and employ 106,000 people generates 5.4 billion Euro in 2018 in Rom

 Read Full article »
Atos launches construction of global R&D Lab to drive innovation in Quantum Computing

Atos, global leader in digital transformation, officially launches the start of the construction of its new global Research & Development Lab dedicated to research in quantum computing.

 Read Full article »
Softelligence launches its own Academy to form specialists in insurance and banking

Specialized in business software development, Romanian company Softelligence announced it plans to increase its team by 50 per cent in the next two years, by hiring 100 to 150 new colleagues, the company announ

 Read Full article »
Romanian IT group Bittnet issued new bonds were traded on BSE

A new series of corporate bonds issued by Romanian IT group Bittnet Systems was admitted to trading on the main market of the Bucharest Stock Exchange (BVB).

 Read Full article »
Deloitte report: Two billion youth risk of being left behind in the Fourth Industrial Revolution workforce

Almost two billion youth worldwide risk of being left behind in the Fourth Industrial Revolution (Industry 4.0) workforce, which is changing at an increasingly rapid pace as a result of the emerging technologie

 Read Full article »
» Endava expands its IT team in Republic...
» Oracle goes to Oregon Park, the buildi...
» Oracle and KPMG study shows data secur...
» Workplaces, keeping up with the times
» SAP grows its cloud computing team at ...
» Atos and Transilvania University launc...
» CRF Health launches Romanian office an...
» TELUS International Europe: Three ways...
» Softelligence launches its own Academy...
» Romania leads in top of countries with...
How Tech-ready are companies?

Technology has made it easier and faster than ever to prepare, anticipate, implement, and get the job done for everyone, from the simple technology home user to all levels and departments of a corporation. Howe

 Read Full article »
Workplaces, keeping up with the times

For a company, being people-centric is a way of doing business and engaging employees in the company's operations and strategies in a way that provides a positive employment experience before and after the sell

 Read Full article »
Creating a valuable customer experience driven by core values of a company

As HR becomes more and more integrated within the company's long-term strategic business strategies, the digitalization and high-technologies impacting the processes also have to be mirrored at the level of HR

 Read Full article »
Ergonomics in practice - 5 tips for better health at work

Ergonomics is so much more than standing up during the day and sitting correctly. There are so many factors in our environment which also have an effect on our health, and influence our wellbeing at work. The

 Read Full article »
Technology, Mobility and Wellness make for the perfect workplace

The technology binge is pushing ahead the communities, businesses and all aspects related to work and workplaces in such a fast manner that we haven't noticed since the very booming of the office market. And as

 Read Full article »
Latest News  
about us | newsletter | contact | members area | GDPR policy
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events