Not so long ago, the biggest threat and the greatest source of concern for cybersecurity professionals was the computer virus. But the threat landscape is constantly evolving and now there are many more things to guard against.
In large part, that growing complexity is being driven by the astronomic rise in the number of digital connections in daily life. Every business is now part of a digital ecosystem and their customers lead increasingly digital lives. While the advantages are almost countless, it also engenders vulnerabilities.
By 2022, there will be as many as 18 billion devices connected to the Internet of Things, according to Ericsson’s IoT forecast. They’re the bedrock of the Fourth Industrial Revolution and Business 4.0 – where data and automation combine to create opportunities for businesses, while also enhancing customer experiences.
While the benefits are clear: faster innovation, new products, and better business opportunities, connection on such scale also creates cyber vulnerabilities that expose customers to risk because each device and each connection represents an opportunity for a would-be hacker to infiltrate a corporate network. With 31% of organizations saying they have experienced attacks on operational technology infrastructure, this is a very real danger.
Once breached, an enterprise IoT network can be hijacked and used to launch a botnet attack, with each connected device under the hackers’ control. They can be used to spread viruses, like the NotPetya and WannaCry attacks which almost brought an entire country to a standstill and put lives at risk by shutting down hospitals.
There’s also the potential for nightmare breach scenarios, for example where hackers take control of a city’s civil infrastructure. Or even that of an entire country.
Today’s estimates of the damage caused by cyberattacks are around $3 trillion annually but by 2021 they will have risen to over $6 trillion. According to World Bank estimates, by 2030 a total of 0.5% of the world GDP will be used on cybersecurity. Here are three considerations for those engaged in maintaining robust enterprise security.
1.Understand chain reactions in digital ecosystems
Former US Secretary of Homeland Security, Kirstjen Nielsen, said: “Hyper-connectivity means that your risk is now my risk and that an attack on the ‘weakest link’ can have consequences affecting us all.”
The warnings to consumers using smart home devices is clear – use security software, change your passwords, install patches. The advice to the enterprise is similar. Don’t assume that everything is ok – make sure it is. Regard all the smart, connected devices in an extended network as potential weak links and act accordingly.
Every organization should ensure there are adequate security systems in place for its own operations, of course. But that’s no longer enough. Today’s enterprise needs to look beyond its own horizons and ensure that the entire value chain is protected. Particularly if there are digital links between suppliers and partners.
2. Artificial Intelligence can augment cybersecurity
There is a dizzying array of digital connections between an enterprise organization and everyone in its immediate and extended network. From employees’ smart devices to the IoT, from customer-facing websites to online contact centers, and more. Cybersecurity has evolved into a complex landscape of network security, vulnerability management, threat hunting, phishing detection, and more. And that’s just scratching the surface.
Confronted with such a complex and interwoven threat landscape, relying on people and manual processes alone is a very high-stakes gamble. Automating as many routine processes as possible and deploying AI to spot trouble is a far more effective approach.
As TCS’ Satish Thiagarajan shared, AI and machine learning can be used to help counter phishing attempts, by highlighting patterns that are synonymous with attackers. AI programs can sift through large volumes of data to identify pattern anomalies, recognize or detect and even diagnose intrusions before they morph into cyberattacks.
AI can strengthen access security protocols by enabling the monitoring of activities of the numerous users logged into a network through access control. And once those users are in the system, AI can spot unusual activity across an entire network in real-time, raising alerts or even locking people out automatically. That will, of course, require detailed rules around access management and definitions of what might constitute unusual behavior – for that, enterprise leaders will need their smartest people working in conjunction with AI and automation. Financial firms are leading the use of AI for email monitoring to mitigate data breaches and phishing attacks.
3.Predict your own failings
Rigorous testing and preparation are key to any robust crisis-management strategy. It could be as mundane as testing the fire alarms in an office building or getting emergency services to practice their response to major incidents.
The same outlook works for enterprise cybersecurity, too.
Predictive analytics tools and tame hacker bots can probe a system’s vulnerabilities, identify flaws, and patch software where needed could be the future of cybersecurity. Tools being developed include attack graphs with military-style capabilities. The same core technology that is used to predict shopping trends, can shine a light on where the vulnerabilities are within a network and what will happen in the event of a breach.
Machine learning and AI can be deployed to analyze masses of data relating to known cyberattacks and then plot the predicted outcome of any future attack. The more data that is fed into these tools, the better able they are to discern patterns in cybercriminals’ activities and forecast what the next attack might look like.
Some genies can never be returned to their bottles. The growth of connectedness in business, and in people’s private lives, and the number of enterprises embracing the purpose of technology to go beyond business enablement, all point to this. As 5G networks continue to come on stream, leading to the proliferation of connected devices – plus smart homes, smart vehicles and smart cities – the scope for hackers to exploit vulnerabilities will grow.
The combination of the latest tools, such as AI, with an appreciation of how important it is to look at enterprise networks holistically, may help. Each network contains many points of connection – devices, computers, and so on. But each of those networks is now a point of connection in a larger digital ecosystem, and it is that which now needs to be the focus of attention.
About the author(s)
Business & Technology Services
TCS’ Business and Technology Services organization combines the power of business excellence with digital innovations to help enterprises and leaders be purpose-driven and performance-oriented, making the shift from shareholder value to stakeholder value. By harnessing the abundance of data, talent, connectivity and capital, B&TS helps leading companies around the world build ecosystems that fuel growth and innovation, foster collaboration and engagement across ecosystems, improve health, safety, and well-being, enabling empowerment and inclusivity, and driving sustainability and positive environmental impact.