CIO Insider

CIOInsider India Magazine


Cyber Security: One Of The Most Important Infrastructures In A Company

Harish Kohli, MD And President, Acer India

The dawn of this age is a testament to the digital revolution that we are all witnessing. Digitization in almost every field has led the world to become a much smaller place. Almost everything is available at the click of our fingers, and every information is accessible through the help of internet. How did we reach this time? Thanks to the path-breaking discoveries and peoples’ will to accept changes as and when they come. But with every step forward there is always a backlash that follows. Let’s take the evolution of technology over time:

• 1980’s – Saw the birth of private internet
• 1990’s – Saw the rapid growth of internet, AOLs and email use
• 2000’s – Saw the birth of Blackberrys, Iphones, Wifi, Portable Devices, faster internet and social media
• 2010s – Saw the emergence of cloud apps, data centers, smart phones etc
With all these developments taking place rapidly, a lot of challenges are posed to this sector.

We are well aware that how internet has become a critical infrastructure for both individual users as well as businesses, hence security needs to be taken care of very seriously. Our data is vulnerable, and it takes no time for cybercrime to ruin the standing of anyone in the market. With emerging new technologies like Internet of things, Cloud, etc., it becomes extremely important to provide security to run an uninterrupted business. An end user, usually has two demands, one is privacy and the other is protection and this is a major challenge that concerned bodies are trying to curb. The possible solutions will certainly include, a reliable and secure network infrastructure, but they will also depend on trust on the part of users – both individuals and businesses – that confidentiality, secure identification, privacy and other issues are properly addressed. Security standardization also plays a key role in protecting the Internet, the communications and business it carries, and both the private and corporate users who rely on it. But in particular, the timing of standardization is equally important, or ICT needs to be secured from the start as well as for the long run. Let’s take a look at the timeline of Cyber-attacks for a better understanding:

The early attacks in the 80s utilized malware, self-replicating worms and hacking mostly for the purpose of disruption. Early attacks were limited because the internet was proprietary (ARPANET) and small and used attacks like the Morris Worm.

• In the 90s, with the advent of the real internet, email threats began, leveraging malicious links and later malicious document attachments to download malware to PCs.

• In the 2010s, many new attacks were launched leveraging the broad internet and large corporate networks. Examples of the new wave of 2010 attacks include:

• Advanced Persistent Attacks (APTs)– These were complex, multistage attacks that collect social data (social engineering), make initial infections,

download more malicious code, move laterally in your network, and ultimately extract data and quietly exit your networks

• Ransomware – Ransomware was one of the first equal opportunity attacks, attacking companies of all sizes. It is a multistage attack, but ransomware encrypts your data and asks for ransom. WannaCry in 2017 was famous for infecting more than 230,000 computers in 150 countries.

Implementing a comprehensive cyber security program leverages the best practices to protect systems and detect potential problems

• CEO Fraud – Leverages social engineering sites and spear phishing email attacks to impersonate your key executives to get mostly financial gain.

• Supply Chain Attacks – By corrupting software updates of your operating system, operations and application software, malware is automatically updated into your software. Once downloaded, any attack is possible. This attack leverages your “trust” of your vendors and typically is automatically updated on your systems.

• Crypto Currency Attacks – With the advent of high speed computers and blockchain technology, criminals are cryptojacking your servers and computers to create cyber currency at your expense. Meanwhile, criminals have launched multiple attacks on the crypto currency ecosystem to steal crypto currency.

• Cloud Application and Data Center Attacks – Faster internet has enabled cloud applications and cloud data centers. Every new application that moves to the cloud means you are trusting another vendor, their software and their security to protect your data. Users can access cloud applications and your data from anywhere as long as they have the users’ credentials. These are the challenges of the cloud enabled world and will lead to a rise in cloud security attacks.

As demand for data increases, consumers will become more aware of the threats involved and businesses will have to react accordingly, making the consumers lives easier. Data which is important needs to be secured from the grip of hackers, while at the same time data should not be restricted for end users, just for the fear of being attacked. With so much data out in the open, it is extremely difficult to detect new-generation malware and cyber threats with the existing cyber security protocols.

The future ahead
So, is Machine learning the sustainable future for Cyber Security?
To adapt over time, new algorithms have been using machine learning and these systems come with substantial benefits that would enable professionals in the cyber security field to safeguard an enterprise. At present, AI is being used most commonly to detect simple threats, and these AI systems will free up a massive amount of time for the cyber security employees. AI has the ability to categorize attacks based on their threat levels, and also identify and mitigate a threat even before it is released in the system. By 2025, AI cyber defense would be about embracing and innovating the partnership between a man and a machine to fight against hackers and solve key cyber security challenges.

What does blockchain mean for Cyber Security?
This is one of the best tools the industry has against hackers and potential frauds; due to its complex nature, wherein a hacker would have to take down an entire global network (which is next to impossible) in order to access data. Hence, blockchain technology has the ability to be the most secure form of storing and sharing information online. That’s why innovators have begun applying the technology in different sectors to prevent fraud and increase protection of data.

Defining the future of cyber security and evaluating its impact and relevance in future technology trends is a complex and error-inclined task but a compulsory one. Organizations need to invest both money and time to safeguard from threat practices. To maintain cyber security, it’s a very exhausting and consistent task, which requires ample preparation, solution implementation, and specialist assistance to control damage and recover from the breach.

Specific cyber threats and vulnerabilities which concern organizations need to be identified and responded to even before the attack happens. This would not only prevent any sort of breach but would ensure that protective efforts are proportionate with the risks. Implementing a comprehensive cyber security program leverages the best practices to protect systems and detect potential problems. Rather than implementing a checklist of compliance requirements it is always better to manage the cyber risks at an acceptable level.

Current Issue
ITHENA : Unlocking The Future Of Manufacturing Industries With Persona-Based Solutions