On October 24, 2017, Deloitte welcomed AmCham Belgium members in their brand new offices and shared their experts’ knowledge on the very hot topic of cybersecurity during a Lunch & Learn session.
In the first six months of 2017, 791 breaches were identified in the US alone. 2017 has also seen among the biggest cybersecurity disasters, from important ransomware attacks, such as WannaCry or Petya, to major data leaks.
While emerging technologies offer tremendous opportunities, they raise new challenges and present great risks. Here’s an overview of some of the main technologies currently being used and some of their vulnerbilities:
From Software-as-a-Service (SaaS) to Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS), more and more companies are moving away from local solutions to online systems. While the many advantages are obvious, most of the users are unaware of the risks. Storing data online requires a compliant and reliable provider. Contracts with the service provider should be transparent and assure that the data they store will not be used in any other way than the original purpose. From a company’s point of view, it is also important to know so it can in turn inform its own customers how their data is used.
Internet of Things (IoT)
Internet of Things allows objects to be sensed or controlled remotely across existing network infrastructure. While the connected devices collect useful data, they can also be prone to hacking. Their vulnerability lies in the hardcoded identifiers, easily cracked but complex – or even impossible – to change. In some cases, such as medical devices or healthcare data, cybersecurity goes way beyond the protection of personal or financial data; it can be a matter of safety, or even life or death.
“Big Data is the new ‘raw material of business’,” said Kenneth Cukier, Data Editor at The Economist. Data is collected and analyzed constantly, and represents a critical enterprise asset. Sometimes, this shifts the focus of attention to the performance and collection of the data at the expense of security. The bigger the volumes available, the harder it is to protect and monitor it. Another major issue with Big Data is that users lose control over their data; they don’t always know what data is used and how. Even if originally collected to be used in an aggregated way, powerful analytics solutions can link data sets, sometimes in combination with publicly available information, and reveal much more about a person, to the point of identifying or profiling them.
GDPR: A first step towards security
The EU General Data Protection Regulation aims to strengthen the legal framework for the protection of personal data. All companies operating in the EU will need to implement the necessary changes to be compliant with the new Regulation by May 2018, otherwise exposing themselves to the risk of heavy fines. Whereas this might seem like a challenge, it is also a great source of opportunity for businesses. In order to be prepared for the new Regulation, companies will have to clean up their data. That will allow them to know exactly what they can or cannot use, and consequently get rid of what they don’t need. Reducing the volume of data at your disposal also means that you have less data to protect.
Of course, from a user’s point of view, the new Regulation is key to ensuring privacy, at a time when the concept of ‘privacy’ has shifted from “limiting access to my data” to “having control over my data”.
Is that enough?
The GDPR will give a great push for companies to review their infrastructure and processes. However, cybersecurity goes beyond that. Companies need to think about four different aspects:
- Strategy and Governance: How does your company organize and plan its ‘cyber’-journey on an executive level?
- Being secure: How does your company protect itself against known and emerging threats?
- Being vigilant: How does your company monitor what is happening within its ‘ecosystem’?
- Being resilient: How does your company react to/recover from cyber incidents?
By working on those facets, companies should be able to overcome major risks and maximize technology benefits.
Technological advances open more and more doors to progress, but also windows to vulnerabilities. Whether on a personal or professional level, we need to make sure to lock behind us in order to avoid bad surprises. Reports, like Deloitte’s TMT Predictions, can be useful in identifying future trends and help organizations better prepare for potential risks.