Latest News  

Cybersecurity the sharp (s)word of today

Technology moves the outsourcing services industry - as it does all service industries - towards new horizons, not all of them known. Companies are willing to outsource more, as they are challenged by an increasing need for transparency and fast response to market needs, and the desire for more value at lower costs.

2017-06-15 21:11:55

It's now the moment of younger and smaller technology companies hoping to disrupt incumbent businesses with better service, more innovative products, lower prices, and the ability to respond flexibly to changing customer habits and preferences.

The global technology helps but it comes at a price Increasingly, data security becomes top priority for companies. In light of the most recent technological developments and cybernetic threats, development of new technologies has raised the level of security concerns, while IoT prevalence further intensifies the risks. Thus, 2017 is expected to observe the emergence of Security as a Service, offered by specialized security BPO service providers. Enterprises and outsourcing agencies will strive to protect their data, regardless of its size and location. According to a study conducted by PwC and focusing on cybersecurity and privacy matters, "many organizations are pursuing emerging technologies to develop new products, services, or ways of doing business. However, companies don't always consider the emerging cybersecurity threats that could impact these systems after they're implemented. PwC can help you design transformation strategies with security in mind from the very start, with the foresight to help you see what's on the other side of the leading edge.

Because you don't WannaCry anymore

Among the most recent strike of hackers, the ransomware attack known as WannaCry first struck on Friday, May 12, 2017 and as stated also in the PwC study, "by the following Monday, it had reached more than 200,000 computers in 150 countries. Although we still don't know all the details, it's clear that some organizations were victimized far more severely than others. The news of this episode reinforces a view that we at PwC have promoted for a long time: Effective protection against cyber-attacks has less to do with any particular technological factor, and everything to do with proactive risk management in general." The PwC experts added: "We expect there will be more attacks because the techniques and exploits used to distribute WannaCry were only recently leaked to the world in April 2017 (allegedly from the National Security Agency by an anonymous group called Shadow Brokers). Similar documents (allegedly originally from the Central Intelligence Agency) were published by WikiLeaks in March 2017, and there will probably be more such leaks, not just in the U.S. and Europe, but in countries around the world. Every breach will empower independent parties with tools heretofore held by governments. Ransom, blackmail, surveillance, shutdown, and data manipulation are all more feasible than they were only a few months ago. Lessons learned There are lessons to be learned every time whenever something of these proportions happens.

First, according to specialists of PwC, the need arises for a robust digital hygiene within organizations and individual use. Also, as human errors are many times the trigger of these happenings, the ability to detect intrusive behaviour would also help. "Human error is still the most prevalent means of gaining access to proprietary information. Employees often unwittingly expose data to a cyber-threat actor through a fraudulent email or other socially engineered techniques, thereby giving hackers access to passcodes or other means of entry. Organizations with effective risk management practices rarely release sensitive information to outsiders inadvertently. They are particularly protective of administrative accounts and other privileged information; they make it extremely difficult to obtain the kind of data that would allow someone to take over a system. They are also attuned to detection, learning to recognize the keystroke behaviour common to intruders and isolate it in real time. The one thing they share openly is the data about the intruders they detect; collaboration among security professionals from a wide range of organizations is one of the best defences against cybercrime activity," according to PwC. The study also advises on building a thoughtful design of IT infrastructure and early adoption of cloud technology.

Also, at Outsourcing Today's latest Outsourcing Summit, Mihaela Apostoleanu, Senior Director, Oracle EMEA Business Operations, said that: "Right now, the security challenge is the focus in the software area. The weakness comes from companies. With the volumes of data and people involved at so many levels, the security data is foremost. We need to educate people how to use technologies and social media concerning security data, informing and developing protocols for permits to use the image of companies and information. This will happen alongside the using of security tools in order to identify the breaches and prevent." With the fast emergence of new technologies and automation, a general feeling among employees is that they fear losing control in this newly-changed work environment. Olivier Hecq, Head of SSC IT, Societe Generale European Business Services stated that "There is no such thing as zero risk in the new cyber world but the security issues should be in focus all the time." The opinion is shared by Liviu Lazarescu, IT Delivery Head for Romania Operations, Wipro Technologies: "More should be done in the awareness part of security. Each company has its own way of dealing with security, according to its needs. We need to address real-life scenario implementation for the benefit of finding the best security solutions." The young generation changes the entire work environment, by bringing new customs, habits and work patterns. For instance, as underlined by Mihaela Dobre, Learning & Development Manager EMEA, Stefanini, the young generation is very keen on work flexibility, which also implies working from home. "And working for home is a sensitive option, at many levels, including the security matter. "

Representing CIMA - Chartered Institute of Management Accountants, Daniel Idzkowski, Associate Director – Global Corporate Relations underlined the need to better address the real digital threats: "We need to address cybersecurity, designing and implementing Cybersecurity frameworks, cyber maturity assessments; organisational design for cybersecurity; Cloud security; design and rollout of cybersecurity processes such as Incident Management, Intrusion Detection, and Security Monitoring. Also, concepts such as vulnerability assessment, application and network penetration testing, wireless security, mobile security, and system security testing should be implemented and put on the first-page of companies' agendas." Money hurts According to a report issued by Accenture - "Building Confidence: Solving Banking's Cybersecurity" - many senior bank executives are confident about their cybersecurity strategy, yet a lack of comprehensive, practical testing is leaving gaps in their defence.
The report was based on a global survey of 275 senior security executives across the banking and capital markets sectors. It found that 78 per cent of executives surveyed expressed confidence in their overall cybersecurity strategy, with more than half the respondents indicating high levels of comfort in their ability to identify the cause of a breach, measure the impact of a breach and manage the financial risk due to a cybersecurity event (cited 51 per cent, 51 per cent and 50 per cent, respectively). However, the analysis also points to ongoing security challenges for banks. For example, in addition to the many phishing, malware and penetration attacks that banks around the world receive each day on average, respondents reported that their banks had experienced 85 serious attempted cyber breaches each year. Of these, about one third (36 per cent) were successful, meaning at least some information was obtained through the breach. In these instances, it took 59 per cent of banks several months to detect breaches that occurred.

Additionally, nearly half (48 per cent) of respondents cited internal breaches as having the greatest cybersecurity impact and 52 per cent indicated a lack of confidence in their organization's ability to detect a breach through internal monitoring. "Bank executives are clearly confident when it comes to their cybersecurity capabilities, but there is still much work to be done," said Chris Thompson, senior managing director and head of financial services cybersecurity and resilience, Accenture Security. "Most cybersecurity assessment programs, while well-intentioned, are highly theoretical and based on known cyberattack practices. The reality, however, is very different. Fast-moving, dynamic threats are creating new challenges every day. Banks should focus on deploying practical testing scenarios that focus inside the perimeter to ultimately make the crooks' job as difficult as possible." While banks' security teams detected a high number of each company's breaches, virtually all (99 per cent) of respondents said they learned about the remainder of the breaches from their own employees, pointing to the critical importance of establishing strong awareness, strengthening internal training programs and establishing effective internal escalation processes.

According to the report, developing and implementing the right governance model to drive a holistic approach to cybersecurity is critically important in strengthening a firm's external and internal defence capabilities. Developing effective capabilities should be driven by a two-pronged strategy: focused cybersecurity assessments on one hand and comprehensive testing on the other. Banks expect cybersecurity skills shortage The research also points to several areas where respondents foresee a significant skills shortage, including end-point / network security, incident response and vulnerability management (cited by 61 per cent, 53 per cent and 53 per cent, respectively). Thompson added: "Banks have traditionally prioritized their cybersecurity investment around building higher, more secure walls.

But this has often been to the detriment of their internal capabilities. While defending the perimeter is crucial, it's often the people inside the walls that present the biggest risk, but also the biggest weapon in the fight for resiliency." Half of Romanians fear that someone could control their smart devices In the wide and dissimilar world of individual consumers, according to Bitdefender, one of the leading digital security solutions in Romania and worldwide, around 46 per cent of Romanian users are concerned that a potential attacker could take over or control the smart devices they use every day, which exposes them to identity theft, espionage and invasion of privacy. According to the survey conducted by iSense Solutions and ordered by Bitdefender, findings showed that Romanians keep up with the latest in technology and buy different gadgets of the latest generation; 70 per cent of them already own a smartphone, laptop, tablet, smart TV or computer desktops, but almost a quarter of the townspeople hold also gadgets of next generation such as smart watches (24 per cent), surveillance cameras on their dwelling, or child connected to the internet (21 per cent), e-readers (20 per cent), game consoles (15 per cent) or fitness bracelets (14 per cent).

Within this landscape, 43 per cent of survey participants said that they are afraid of outside intruders which could steal their private information stored on the smart devices - photos, videos, programs and personal documents - and a quarter are concerned that a stranger could turn on the web camera or the microphone of different devices and record everything that happens in privacy. According to experts in cyber security at Bitdefender, these vulnerabilities allow attackers to easily compromise the home-based Internet network, relying on the fact that many users are not aware of the dangers they face being surrounded by smart devices connected to Internet. Most of the problems identified are common and already known, the experts say, some for more than four years. This shows that the devices' producers are not interested in running complex security algorithms nor in constantly varying the software updates, even though some gadgets have long lasting service lives.

Typically, the access credentials are very weak, so that attempts to break the passwords are successful in an average of one out of four cases. The study also shows that Romanian users are not keen in updating their operations systems installed on different devices, even if they use some of them frequently, such as smartphones or computers. Hence, 20 per cent of laptop users and half of smart TV owners haven't operated an update to their software to the most recent version, blaming the lack of time or technical knowledge. "In the absence of such updates, the Romanian users should be aware of the fact that access to personal data can be easily achieved," said Bogdan Botezatu, cyber security specialist at Bitdefender. He added that smart devices collect enormous data volumes, from location, habits, lifestyle and behaviour, to passions, beliefs, health status or political views and considering that an intruder could have access to all these data, the worries voiced by users are valid.

Bad habits die hard

More than half of Romanians use the same passwords for all accounts and devices while 29 per cent use several passwords changed at certain period of times. The specialists in cyber security warn of the risk of using the same password, mostly formed only by letters and recommend replacing them with combinations of letters, numbers and symbols, as well as changing them on regular basis. According to data, the number of devices connected to Internet beat the milestone of six billion units registered at the end of 2016 and the estimations show that the industry will continue to develop in this direction at a fast pace. The iSense Solutions study has been developed following a survey conducted in Romania, US, UK, Germany, France, and Australia at the end of 2016 and questioned over 2,000 respondents, with a trust level of 95 per cent and error margin of five per cent.

Also in 2016, about one third of Romanian Internet users (31 per cent) provided online personal data, half the registered average at the level of the European Union (UE), which stands at 71 per cent, as revealed in the results of a study developed by Perceptum research company. According to them, last year, only 15 per cent of Romanians who surfed online refused to provide personal data to be used for advertising purposes, as compared to an 80 per cent European average. The same percentage of Romanian Internet users limited access to their personal profile or their own content placed on social networks, as compared to a 40 per cent average of the EU. Only four in ten Romanians (38 per cent) are aware of the existence of these files and the data they offer: valuable feedback on user preferences in terms of shopping, information sources, vacations and more.

According to the cited source, at 2016 levels, nearly 24 per cent of Romanian Internet users have read the privacy policies of sites (37 per cent the EU average), and 70 per cent of those who surfed online have done so from mobile phones or smartphones and 26 per cent from tablets. The data used in the specialized research were issued by the European Statistics Office (Eurostat) during December 2016 - February 2017. Sensitive industries require even more protection and this is more visible in the case of industries that also act as strategic sectors, such as energy.

No wonder that lately, more and more partnerships and memorandums of understandings have been signed between large organizations and IT solutions providers. In April this year, Atos and Siemens announced they had entered into a Memorandum of Understanding (MOU) and will leverage their portfolios to help customers establish an integrated first line of defence against cyber-attacks. Siemens and Atos work together in the area of cybersecurity for industrial companies, providing customers in the manufacturing and processing industries with comprehensive security services and products, the companies said in a press release. The Atos and Siemens partnership in the US is part of a global agreement around cybersecurity including common go-to-market and shared research and development efforts to target Information Technology (IT) and Operational Technology (OT) security for any market.

As utilities increasingly use software to become more efficient and reliable, there is a corresponding need to boost cyber defences – going beyond compliance regulations to secure operations. In oil and gas, digitalization brings a convergence of IT and OT connectivity that enables data to travel from the field, to the control room to the enterprise network – underscoring the need for a unique set of solutions to address the crossover between IT and OT.

A recent study from the independent Ponemon Institute shows that nearly 70 per cent of US oil and gas cyber managers said their operations have had at least one security compromise in the past year, resulting in the loss of confidential information or OT disruption – highlighting the need for the oil and gas industry to increase its cyber defences. "We are pleased to have the opportunity to expand the Siemens and Atos relationship as US utilities, oil and gas industries are realizing the extent of cybersecurity challenges when moving into a digitized and connected ecosystem," said Michel Alain Proch, Group Senior Executive V.P. and CEO North America, Atos. "With our combined end-to-end suite of solutions and innovative approaches to security analytics and better detection and response capabilities, customers will see tangible advantages in cost and risk reductions, as well as enhanced performance and flexibility gains.As the energy industry benefits from digital technologies and solutions, there is a need to guard against growing cyber threats. This new cooperation is part of our broad effort to deliver cybersecurity solutions to America's energy sector. By bridging operational technology and information technology capabilities, we can strengthen our customers' defences against costly and disruptive attacks," said Judy Marks, CEO Siemens USA and Executive Vice President of New Equipment Solutions for Dresser-Rand.


0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
 
Your email address will not be published.
Nickname
Email
Comment
Validation Code
   
 
 
NEWS
Smartree: Software development field interests Romanians living abroad

Romanians abroad wishing to return to the country could be attracted by the IT domain, and more precisely the software development branch, according to a study conducted by Smartree.

 Read Full article »
Norwegian software developer leases 4.200 sqm in Iulius' Unites Business Center 3

Iulius Company and Visma Software, a Norwegian developer of business management software solutions, have signed a lease agreement for office premises within the United Business Center 3 (UBC 3) office building

 Read Full article »
Oracle hires 1000 sales representatives to boost cloud services in EMEA

Oracle announced 1000 new jobs in Europe, Middle East and Africa. Under the Change Happens Here banner, the company is hunting for the next generation of ambitious, driven, digitally savvy Sales Representative

 Read Full article »
Academy Plus programming school opens at Bucharest with 120 available places

ACADEMY+PLUS, the free of charge programming school launched three years ago at Cluj in partnership with École 42 in Paris, opens also at Bucharest with 120 available places to those who want to learn programm

 Read Full article »
AI to drive GDP gains of 15.7 trillion dollars with productivity, personalisation improvements

Global GDP will be 14% higher in 2030 as a result of AI – the equivalent of an additional 15.7 trillion US dollars, a recent research report of PwC states. This makes it the biggest commercial opportunity in

 Read Full article »
TotalSoft appoints Adina Gurgu as Chief Technology Officer

TotalSoft, one of the leading ERP and financial solutions providers internationally, announces the appointment of Adina Gurgu as Chief Technology Officer (CTO), who will be starting August responsible with spea

 Read Full article »
Czech ALEF Group acquires local company and enters Romanian market

Czech IT systems and equipment supplier ALEF Group announced it had acquired Romanian peer company Likeit Solution for an undisclosed sum.

 Read Full article »
3Pillar Global expands with third development center in Romania

US-based IT services provider 3Pillar Global will open the third development center in Romania this August, in Iasi, to be locatedin Moldova Business Center.

 Read Full article »
DB Global Technology reaches 800 people, 150 people joined this year

B Global Technology, Deutsche Bank's technology center in Bucharest, has reached the 800 staff milestone, with over 150 people joining the team in 2017.

 Read Full article »
Regional operations centers give Romania's real estate market a boost

With a 4.8 per cent GDP growth in 2016 and the highest estimated growth rate in 2017 among EU member states, Romania has become an increasingly attractive destination for regional operations centers.

 Read Full article »
 
MOST RECENT VIDEO
 
 
MOST READ ARTICLES
» ROMANIAN OUTSOURCING AWARDS FOR EXCELL...
» EY: Work-life balance has become more ...
» Stefanini officially launches the offi...
» AI to drive GDP gains of 15.7 trillion...
» Romania ranks second in Deloitte's CE ...
» Welcome onboard!
» Exclusive OT print issue: Genpact may ...
» GM to open a call center at Bucharest
» Bombardier: from Bucharest subway to t...
» People in Shared Services and Outsourc...
 
EDITOR CHOICE
EY: Work-life balance has become more difficult to be managed by one third of full-time employees in 8 large countries

EY's global survey of full-time workers in eight countries finds that one-third say managing work-life has become more difficult, with younger generations and parents hit hardest.

 Read Full article »
Welcome onboard!

By 2020, some 200.000 people are expected to work in business shared services in Romania, doubling the current employment portfolio enrolled in more than 120 companies operating BPO, SSC or ITO services. Howeve

 Read Full article »
Thierry Blain, SG EBS: Bringing teams to the next level

The journey of Societe Generale European Business Services began with the need for a strategic location to sustain and transform European operations of Societe Generale Group. The purpose was, from the early da

 Read Full article »
TELUS International Europe: Issue 3 - Customers First magazine! Strategy and innovation in travel and hospitality

The third issue of our Customers First magazine is now available! The latest edition is all about travel and hospitality, featuring insights from industry experts and top brands like JetBlue, Turo, Joie de Vivr

 Read Full article »
The future is now - Review of Romanian Outsourcing Summit, 2017

Romania delivers services in 25 languages with more than 100,000 specialists employed in the outsourcing industry and business services, and based on an estimated growth of 15-20 per cent, it is estimated to re

 Read Full article »
Latest News  
 
about us | newsletter | contact | members area
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events