David Faustino, Managing Director of Nexllence
On 25 September 2020 President Vladimir Putin said that “a large-scale confrontation in the digital sphere” would be imminent. While the ruler proposed a solution to avoid a confrontation between the U.S. and Russia, hackers (which many sources point to have links to the Russian government) were preparing a massive attack on large corporations and government agencies.
But cybersecurity is far from a “battlefield” between nations. According to public data, in 2020 were successfully attacked in Portugal some of the most important telecommunications companies, energy, law firms, among others. According to the specialized global publication ZDNET, in the same year, a Portuguese company was the target of one of the 10 largest cyberattacks worldwide. And in Spain, companies in the infrastructure management sector and insurers have had some of the most critical episodes in terms of cybersecurity. As these are some of the most well-known cases, thousands of SMEs are also successfully attacked every day.
In the business or public administration context (thus excluding the military sphere), cyber-attacks can have several objectives: (1) to demand a ransom for IS to return to operation (encrypting data); (2) cause damage to the company’s image (by stealing and exposing confidential information or by changing its communication channels such as the website, for example); (3) cause damage to a personality’s image (for business decisions, influence elections, demand ransom in so as not to be publicly disclosed sensitive information, or purely to cause reputational damage); and (4) theft of intellectual property, among others.
From the internal perspective of the company or state entity, the increase in information accumulated by organizations, private or public, requires additional concerns regarding potential leaks of information or analyses of data they have. For example, many entities permanently collect information about their customers’ geolocation through apps installed on their phones. This information can be used for extremely “noble” purposes (such as assisting a customer on a road), but the privacy limit can be easily transposed (why does person A and person B, unprofessionally or familiarly, attend the same location?), opening doors to unauthorized information.
Cybersecurity is one of the greatest threats to global stability, to the continued operation of companies and public entities, and to the image of business and political leaders. And unlike conventional threats, a country’s security forces and legislation cannot and will not succeed in a reasonable future to ensure compliance with the law.
It is therefore essential that top leaders in companies and public entities know the nature of these threats, their potential impact, develop their digital “literacy” and know the vectors for mitigating these threats, ensuring that their organisations have the right cybersecurity mechanisms.
From a simplified perspective, it can be admitted that cybersecurity is based on four vectors: (1) the security of technological infrastructures (PCs, smartphones, data centers, cloud, industrial machines, and telecommunications); (2) the security of the software used by the organization (such as enterprise ERP, websites or apps that business customers use); (3) the security of the data stored by the company; and (4) the processes and best practices of users of information systems (whether they are employees of the company, customers or suppliers).
It will be agreed among experts to say that cybersecurity has traditionally been primarily addressed from the perspective of IT infrastructure security, and that more recently it has invested in the process component (even by legal impositions such as the European GDPR). But the application and data components have, in many cases, still very low levels of security.
These four vectors are closely linked and the success of organizations in cybersecurity depends not only on the investment in each of them, but above all on ensuring that “the pieces of the puzzle fit”, so that there are no security holes.
And here lies one of the major challenges of cybersecurity: there are very few technology companies with the ability to highlight and realize a holistic vision on this subject, which can support both top management and the areas of IT, Risk and Security in the creation, implementation and operation of systems and practices that ensure the safeguarding of the interests of companies, their shareholders , and its top managers.
Source: LINK TO LEADERS