More than just a necessary cross-cutting function! A central pillar of digitalization is the protection of digital resources and data. Cybersecurity should therefore be part of every digitization strategy.
Digitalization is moving ahead at full speed even as we speak. And that is right and proper because companies believe that this will enable them to design processes more efficiently, to optimize business models, to implement new business ideas, and ultimately to secure the competitiveness of their enterprises for the future. One pillar of digitalization is the protection of the new digital resources and important data from cybercriminals. If this protection is to be assured, cybersecurity should be a fundamental element of the digitalization strategy of every single company. Reality often looks very different, however.
Midsize companies in particular often underestimate the dangers posed by cyberattacks owing to a lack of professional expertise and other factors. They are reluctant to make the necessary investments, and so the Office for the Protection of the Constitution records an attack on a German company every three minutes. According to information from the IT industry association Bitkom, 6 out of 10 of these attacks are aimed at midsize German businesses. The economic losses that result are calculated at €55 billion annually, and the figure is on the rise.
But how can large corporations and midsize businesses best protect themselves from cyberattacks? What exactly falls under the heading of cybersecurity? Even cybersecurity experts define the term in different ways.
Cybersecurity concerns all aspects of security in information and communications technology and extends the radius of action of traditional IT security to encompass all of cyberspace. This space is made up of so-called cyber-physical systems. A cyber-physical system includes all software components with mechanical or electronic parts that communicate via a network (e.g., the internet). This view is also held by the German Federal Office for Information Security (BSI) and the American National Institute of Standards and Technology (NIST).
Relevant domains of cybersecurity go beyond the traditional field of cybersecurity operations to include data analytics, the securing of big data applications, and the secure communication and secure operation of solutions in the field of the Internet of Things, Industry 4.0, embedded computing, and digitalization.
The field of operational cybersecurity relates to the secure operation of IT systems. The operation of these systems is concerned with prevention, active protection, and the detection and countering of cyberattacks. The actions that can be taken include among others the use of intrusion detection and prevention solutions, logging and monitoring systems, and security information and event management (SIEM) systems. At the heart of these activities is a cybersecurity defense center (CDC) or security operations center (SOC) that bundles all roles and responsibilities.
Cybersecurity experts work here in conjunction with automated procedures to analyze threatening situations and can quickly and reliably interpret the relevant signs of an attack, enabling them to initiate the appropriate countermeasures.
An important part of the SOC is a cybersecurity incident response team (CSIRT). This special team responds to detected attacks so that the effects can be kept to a minimum and continuous and secure operation can be maintained. The following points must be given special consideration as indications of whether a company requires a complete SOC, including CSIRT:
- Sharply rising quantity of data in the company
- Increase in relevant threats requiring independent security resources
- Growth of the company and/or points of attack
- Lack of actions and processes for the protection of the company
- Inadequate ROI in the area of cybersecurity
- Necessity for highly effective security monitoring and fast containment of successful cyberattacks
Taking these indications as a starting point, it is possible to determine how security operations should be set up to provide you with optimal support during the digitalization of your company or with the further strengthening of your market position.
Big Data and Data Security
Although big data and the benefits that can be derived from its analysis have been known for years, German midsize businesses in particular are lagging far behind large corporations. No more than eight percent of midsize businesses systematically collect these data.
Issues relating to privacy and data security along with corporate structure and unsuitable processes are the primary reasons why they ignore the gigantic potential of big data and the information that can be obtained by using this approach. Many midsize businesses are especially afraid of hackers, cyberattacks, and digital fraud, as is shown by the midsize business study conducted by the Commerzbank involving more than 2,000 surveyed companies. The decision-makers view the subject of cybersecurity as particularly critical with respect to customer data: 78% of the respondents feel threatened by hackers, and 17% have already been the victims of a cyberattack.
It is paramount in this domain to implement the most recent regulations such as the General Data Protection Regulation so that customer data and business secrets can be effectively protected.
IoT, Industry 4.0 and Embedded Systems
In today’s world, computing plays a steadily expanding role. From cars to industrial robots to the home refrigerator, everything is networked with everything else and communicates via highly diversified services. A consequence of the many and varied communications methods used by the different IoT devices and the fast development of the devices and methods is the difficulty in defining consistent standards and security models. Moreover, the large number and incredible diversity of IoT devices offer an enormous target for attacks by exploits or malware.
The primary task in this cybersecurity domain is to secure the confidentiality, integrity, and availability of data, services, and devices along the entire communications path of the systems. This is achieved by methods such as specially secured networks, multifactor authentication, encryption, and certification of the hubs among themselves. Moreover, monitoring and analysis in an SOC further improve both the IoT system's reliability when under cyberattack and the response time to a cybersecurity incident.
Protecting a company's digital resources is essential for a sustainable digital business model. However, complete protection against attacks is unrealistic and should not be the goal of a cybersecurity strategy. Rather, it is about strengthening companies in three areas to deal with cybersecurity incidents and risks:
- Defending the organization against cybersecurity threats and attacks
It is therefore necessary to choose the right mix of measures, technologies and structures depending on the type and task of the company.
My esteemed colleague Dr. Aubrey-Derrick Schmidt, Managing Consultant at the Detecon Digital Engineering Center for Cybersecurity in Berlin, describes cybersecurity as a structured process that starts with the identification, evaluation and prioritization of risks. "Without a list of prioritized risks, you don't know what to worry about first!" The evaluation also helps to assess whether certain risks can be addressed with financial resources that are, as a rule, limited. "If the resource requirements are too high, or are disproportionate to the respective effect of a risk, it may sometimes make more sense to simply do without a certain feature or a certain function!" This principle can be applied to most relevant cybersecurity domains, whether in production or in IT operations.
According to Earl Perkins, research analyst at Gartner Inc., companies cannot be fully protected against cyberattacks. He is of the opinion that it is not possible to fully protect assets or to assess the level of protection of the assets and the level of protection of competitors. Furthermore, a potential extension of cybersecurity to other core areas of digitization is foreseeable using the examples of data science and IoT. A future increase in data generated by companies is to be expected. This will create a demand for cybersecurity expertise that will also extend to data science and analytics. Perkins highlights the need for organizations to shift their cybersecurity strategy from a protection to a detection and response perspective because threats cannot be stopped completely.
Dr. Christopher Brennan, Regional Director DACH at Skybox Security, emphasizes the increasing relevance of cloud security. He notes that many companies have a hybrid network infrastructure consisting of physical, virtual and multi-cloud environments. As a result, the attack surface becomes larger and larger. In addition, many companies find it difficult to ensure the security of their data and assets in cloud environments. Therefore, more attention should be paid to a company's cloud security strategy.
"The more things change, the more they remain the same," said French writer Jean-Baptiste Alphonse Karr in the 19th century. This quotation also applies to cybersecurity, as the introduction of a new tool or technology brings with it new vulnerabilities that could possibly be exploited by hackers.