According to the 2020 Thales Data Threat Report, 50% of all corporate data is stored in the cloud, and nearly half (48%) of that data is considered sensitive. With multi-cloud usage becoming the new norm for companies, all respondents said at least some of the sensitive data stored in the cloud is not encrypted, and 49% globally indicated that they had experienced a breach.
Having the right cloud security in place has never been more critical. As 5G networks are rolled out, IoT continues to expand, and quantum computing creeps closer to becoming a reality, organisations must adopt a more modern data protection and cybersecurity mindset.
Unfortunately, many organisations are playing catch-up when it comes to cybersecurity, as the digital transformation of organisations, along with the acceleration brought about by the Internet of Things, has increased the threats to our digital infrastructure.
Until recently cybersecurity was not part of the scope when designing systems, or at best, was added as an afterthought. Given the increasing risk and the stakes involved, security features must be designed and integrated into new solutions during the early stages of their development.
Doing so will avoid retrospective sticky-plaster solutions that will ultimately leave gaps in defences. Relying on a product to secure a system is not enough; we must adopt a cybersecurity-by-design approach that embeds cybersecurity across the entire ecosystem.
Changes and advances in technology, emerging essential skills, and an evolving and increasing number of threats are all top issues CISOs face. Though the set of projects, risks and cybersecurity challenges faced by each organisation is unique, there is a set of common concerns faced by all enterprise security executives.
Cloud-related cybersecurity is a significant challenge for CISOs at a time when organisations continue moving more and more of their systems and data out of their legacy data centres to the cloud. CISOs are considering the benefits of adopting zero-trust policies that are used to authenticate and authorise users and devices accessing applications and networks.
More mature organisations are looking at cyber resilience and asking: what happens to our sensitive data should zero-trust fail?
Another challenge CISOs face is successfully adopting an appropriate encryption strategy. Organisations mainly rely on encryption to protect data against specific, identified threats to vital business and customer data.
Compliance with regulations also plays a significant role in driving organisations to adopt encryption solutions. However, the leading challenge organisations face is the inability to discover where their sensitive data resides, which creates a barrier to building a successful encryption strategy.
Cybersecurity has traditionally been reactive and threat-centric. This approach worked when organisations were able to secure their critical data in data centres they owned and managed. But digital transformation, globalisation, cloud, and workforce mobility have spread data and users far beyond the perimeter of easily walled-off office networks and data centres.
The next five years of cybersecurity are going to focus more on behaviour-based systems that, with the help of machine learning and artificial intelligence, can anticipate data breach and loss incidents before they occur, faster and more effectively.
Instead of mitigating the damage after breaches, these solutions will help prevent data losses before they even occur. Improving automation is also becoming a critical factor amongst CISOs, as it presents a substantial advantage in cybersecurity in terms of efficiency and resources.
Encryption will also become more prevalent. Techniques like homomorphic encryption are already becoming more widespread, enabling data that is encrypted to remain searchable, and we are moving towards a point where all communications will be encrypted as standard, albeit slowly.
Cloud security is another area where we are making advances. Having the right cloud security in place has never been more critical. As 5G networks are rolled out, IoT continues to expand, and quantum computing creeps closer to becoming a reality, organisations must adopt a more modern data protection mindset.
While many governance issues will remain, we should see some advances in the standardisation of cloud regulations to address the critical security issues. This will provide transparency around cloud providers’ security practices that relate to their clients, removing the dilemma for a CISO of transitioning to the cloud.
When we think of the vectors of attack that we might see evolve through to 2025, it is likely we will start to see a shift from the theft of sensitive data to more integrity attacks: attacks where data is still present but has been altered or changed. This can have significant impacts on financial markets and transactions that are based on data.
It is here we will see de-centralised technologies like Blockchain having the potential to play a significant role over the next few years in mitigating such attacks. Indeed, artificial intelligence could also provide a vital line of defence in combination with Blockchain.
Future skills
We continuously hear about the global lack of cybersecurity skills. Though the gap is slowly closing in some disciplines, especially those related to governance, risk and compliance, we are still lacking the in-depth technical knowledge and skills to understand and defend against sophisticated attacks.
The areas of expertise organisations should be recruiting or developing to address this gap are coding, machine learning, reverse engineering, forensics, threat analysis and incident response, because there is only a small subset of the cybersecurity community that can adequately complete these tasks.
Product suite
Thales has established a cybersecurity competence centre in Dubai that supports a diverse range of Thales cybersecurity products, platforms and services. The regional competence centre allows us to tailor our solutions to local needs by using local expertise, with the ultimate aim of enabling local businesses to adopt a more agile and proactive response to customer needs.
The centre extends Thales' reach as a global cybersecurity provider, delivering cyber transformation programmes across critical national infrastructure, defence and aerospace. Thales supports over 140 of the world’s largest and most complex organisations, mastering their cyber challenges and delivering tailored solutions to address their specific cybersecurity needs. The Thales Cybels portfolio provides market-specific cyber solutions allowing customers to embrace their digital future.
Thales’ end-to-end portfolio extends across the critical areas of cybersecurity:
Governance
Understanding cyber risk exposure, through the analysis of the latest cyber threats, for specific market verticals and the implementation of strategic roadmaps to mitigate risk and deliver an effective response in the event of a breach.
Vigilance
Real-time monitoring of systems, networks and devices, ensuring an alert security policy and capability to detect, analyse and respond to attacks.
Design
Ensuring that software, products and systems have security built into the design at all stages of the development lifecycle, through constantly checking for vulnerabilities and testing against all potential exposure scenarios.
Assurance
Delivering regular assessment of cyber maturity, including people, processes and products.
Insight
Strategic threat intelligence offering market-specific analysis of the latest threats, helping organisations understand their exposure to the latest, most common and severe external threats.
By Neil McElhinney, Head of Critical Information Systems and Cyber Security, Thales Middle East.