Is your business cyber-ready?
Dr Csaba Kiss Kalló, Head of Portfolio in Connectivity, Mobility and Security at Vodafone
The results are in, and less than one-third of businesses feel that they’re ready for the future. At least, this is what Vodafone’s newly-published Cyber Readiness Barometer indicates. Intended as an insight into how businesses approach technology in six categories — operations, resilience, digital footprint, strategy, awareness and risk — the survey was conducted on 1,528 business and IT decision-makers in nine different countries, with 99 of them coming from Ireland.
“Data breaches are a growing tendency, in a large part because cloud users assume that their data in the cloud is fully secured by the cloud service provider,” said Dr Csaba Kiss Kalló, Head of Portfolio in Connectivity, Mobility and Security at Vodafone. “Education is the least cyber-ready industry, while the healthcare, technology and financial services sectors are the most prepared.”
The report indicates a lack of confidence and, more critically, a lack of preparation for regulatory chances changes which have already been implemented. Only 43 per cent of respondents surveyed in April 2018 said that they were aware of and had taken measures to comply with GDPR. The highest awareness was among technology and media companies (78 per cent), where 54 per cent of respondents had also taken action to comply. Kiss Kalló commented on the large number of post-GDPR emails, pop-up windows and cookies asking permission for information.
Dr Kiss Kalló says “We normally like to just conveniently hit okay on these requests, but if we inspect the details closer, we sometimes discover that we are giving permission for our details to be used in hundreds of different contexts and third party organisations. I hope that the Data Protection Commissioner’s office is closely watching this new approach to getting access to personal data to make sure that the purpose of GDPR is not weakened,” he said.
While many organisations are still catching up in the wake of GDPR, Kiss Kalló has noticed that cloud security is receiving more attention. “Investments in cloud security are proportional with other cyber security investments, which in general are increasing due to the recent highly mediatised attacks, as well as due to fear from potential reputational damage,” he said.
If your business does get attacked, it’s important to respond quickly and efficiently to contain the threat. “The speed of reaction to an identified attack is critical for minimising the damage,” said Kiss Kalló. “At this phase automation is very valuable for distributing protective measures for stopping the attack.”
Already, cloud security vendors are putting these automated tools into action, learning patterns of behaviour and events within the systems they protect. “They can then spot deviations from the ‘normal’ patterns and initiate action if an attack is in progress. AI is also used to collecting security intelligence from across the internet proactively and aid in speedy identification of threats. AI-based automation technologies are currently at the beginning of their maturity curve.”
Another area currently in development is edge computing, fuelled by 5G and the demand for low-latency applications. Kiss Kalló said: “The basic concept of edge computing is to create a distributed cloud where small regional interconnected data centres serve local applications. This enables significantly lower service latencies necessary for certain applications such as AR (augmented reality), robotics, connected cars, industrial machinery control.” However, network architects will need to work closely with security experts in order to build in ‘protection by design’.
“Such distributed edge data centres and the new applications come with their own security challenges, such as an increased attack surface, system safety, long lifespan of embedded technology and multi-vendor software environments.”