22 Mar
Cybersecurity: why do the odds seem to be in favor of criminals?
The bell tolls for you … but you can still it, act now.
As we move rapidly into spring 2021, news of cyberattacks continues to hit the front pages. Among other things, ransomware revenues, as far as they can be estimated, seem to have tripled in 2020, not to mention the financial side effects of disrupted operations and a damaged image.
At the ECA, however, we are convinced that CISOs and CIOs do their best to prevent cyberattacks from succeeding. So why do the odds seem to be in favor of criminals?
One important reason is certainly the expansion of what we call the "attack surface" (the exposure of information systems to hacking). Two factors are quickly expanding the attack surface: the generalization of work mobility, and the extension of IT into industrial processes. In this issue, we will cover the first factor.
As we go to press, our attention has been caught by a report from the French company PRADEO, a venture specialized in endpoint security. Endpoint security covers all the devices (laptops, tablets, smartphones) that home workers and mobile workers use to connect to their company's information system. PRADEO has analyzed millions of reports and devices and found that many of these devices are either poorly protected against attacks or even have malicious code lying dormant on them, such as data exfiltration tools or compromised apps.
Does that mean that there is no future? That the bell will toll for long? At the ECA, we take the opposite view. We think that applying good security architecture rules really protects systems. Of course, as rules get complex, they in a sense open new possibilities for faults, and that is probably what makes hackers successful. However, good security architects do exist and can reverse the trend, provided their organization agrees to be vigilant about rule enforcement and to use the right tools.
Rule enforcement: as SolarWinds has shown, the hackers' first entry point was probably a very simple dummy password that remained in the system after the user had gone.
Right tools: that’s where European Cybersecurity comes in. European products can challenge their competitors. Examples abound where they do better.
So … the bell is ringing, yes. But the solutions are at hand.
Dominique Tessier, Cybersecurity focus group leader