There is no silver bullet for cyber-security
This is an exclusive interview conducted by the Editor Team of CIO News with Ahmad ElGhazouly, Information Systems & Technology / Information Security Manager at PGESCo
Today’s business mindset is dominated by digital transformation; organisations across all industries have accelerated their adoption of new technologies. As a result, the term “emerging technologies,” which is the new buzz term that describes these new technologies like blockchain, artificial intelligence, the Internet of Things (IoT), 3D printing, and much more, is used frequently nowadays.
However, with the fast pace at which organisations are adopting new technologies, many organisations are failing to recognise the impact of emerging technologies on information security, which is facing new challenges when it comes to the designing, implementation, protecting, and monitoring of these technologies.
Given that massive devices sending and receiving data exist in the production environment, new evolving security threats emerge with less visibility, and cyber-attacks cause significant financial and reputational losses, as well as operational disruptions. This is why the biggest challenge is to find the balance between productivity, security, human safety, and privacy in an existing complex information security paradigm.
The challenges some of the information security are facing today:
- Internet of Things (IoT) Attacks
IoT is now a fact of life. It is everywhere—everything from our phones to our cars, from fitness monitoring to smart TVs, from the monitoring of industrial equipment to medical equipment.
Every day, the integration of the IoT into our daily routine, business operations, and processes is increasing. IoT helps organisations become more effective, but it also creates new risks and threats to critical infrastructure and services.
The Internet of Things, or IoT, is the most vulnerable to data security threats. Today, the IoT industry is the key target for attackers looking to invade the sensitive information of users.
- Remote Work
The COVID-19 pandemic has forever changed the way business operates by creating a new norm for business as usual. One of the biggest challenges is the new business demand to allow remote working as the default business operation mode. The traditional business premises no longer exist, which is why the workplace must be secured to control this new risk.
This can be mitigated by enabling secure remote VPN access and connectivity, as well as deploying solutions to increase employee productivity while ensuring secure connectivity.
- Cloud threats
Whatever the size of the business is, it is now partially or fully using cloud services that probably store, process, or transfer organisation-sensitive information.
Cost reduction and increased efficiency are significant drivers for many organisations to adopt cloud solutions; however, this comes with the risk of security breaches.
Lack of data encryption, poor user authentication, and improper cloud service configurations are considered the main reasons for data leakage.
- Artificial Intelligence
In the industrial segment, for instance, AI is changing the way normal business operates. Automation speeds up productivity by using machine learning.
AI has benefited information security because of the massive amount of data collected and processed, which allows for the benefit of recognising malicious activities. Again, this comes with its risks; the AI benefits can be turned into a weapon if used by a malicious attacker to gain access to an organization’s critical systems and data.
Actions required by Information Security teams
Proper understanding of the new technologies is very important; this includes risk assessment and evaluation of the new technology, followed by proper planning for implementation and risk mitigation. Risks are changing much faster than organisations can mitigate them. Unfortunately, there is no silver bullet for cyber-security, but there are three areas that must be carefully planned:
People
Organizations must ensure they understand the risks of any new technology they install, as this will be key to properly securing it. As a result, training and education on the new technology is a cornerstone to build on, and this is not just for technology people but for everyone involved who works with critical data and new technologies.
Although ultimate accountability will still rest with the organization’s senior management, the information security team has the responsibility to study the new technology well and evaluate the associated risks.
The primary goal is to foster an organisational culture that encourages both risk-based decision making and innovation and new technology adoption.
Processes
Establish a clear process for adopting and implementing new technologies, and this raises the importance of implementing enterprise architecture for the whole organisation to govern the changes on the technology spectrum.
The information security team must be involved from the beginning to ensure that security requirements are taken into account from the beginning. Having a well-documented and followed process with clear responsibilities increases the probability of safe technology implementation.
Technology
Technology is the simplest element of the three points; it is the last line of defense. Implement and use security technology that safeguards and protects your valuable assets.
In today’s business, adopting new technology is not an option. However, considerations should be taken to ensure that the critical assets are secured and protected in an open war with malicious attackers and against newly arising risks from the implementation of the emerging technologies.
Also read: Digital literacy is part of our society
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics