Top 6 on the cyber watch list

Paul O’Rourke, EY Asia-Pacific Cyber Security Leader | March 30, 2016
EY's Paul O’Rourke talks about top cyber security trends that should be on every business’s watch list.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

The nature of cyber threats has evolved as cyber attackers continually change their tactics, become more persistent and expand their capabilities and skills. Today, cyber attackers are finding new and better ways to take advantage of the rapid expansion of digitisation and the increasing connectivity of businesses. As organisations strive to understand and address cyber security, these are a few trends that should be on every business's "watch list":

Cyber threats from the interconnected world
The sophistication of cyber attacks is increasing, especially regarding attack routes, which are growing exponentially due to the rise of the Internet-of-Things (IoT). Long gone are the days of client-server architecture and limited Internet access gateways, which were relatively easy to protect; today's environment includes mobile, social media, customer and supplier ecosystems.

Now, with the IoT, everything is connected with everything else. Previously disconnected systems -- things -- are now becoming Internet-enabled, and "channel-hopping" from one system to the next is a real threat to organisations. Approaches to cyber security will need to encompass the IoT. For example, the Security Operation Centre (SOC) will need to extend its coverage to include the IoT, and it should be subject to security reviews and penetration testing.

Growth in digital identities

The dramatic growth in the IoT means that organisations must rethink how they recognise and treat identities. Up to relatively recently, identities have all been associated with real people. To manage these traditional identities, organisations maintained directories -- simple lists of staff used to decide who should have access to what. The same approach has been used with customers, suppliers and third parties. 

Now that "things" are in the mix, and they may be owned and governed by different entities, the "directory lookup" function no longer applies. Instead, new collaborative trust models will need to be developed to enable trust to be shared from one IoT device, which has a high degree of trust, to another. This approach will require organisations to establish robust data ownership and data protection policies.

Hyper-regulation creates more complexity
Hyper-regulation for all sorts of issues related to cyber security will make the compliance landscape even more complicated. This will not necessarily lead to better cyber security for many organisations, given the differences in regulation across jurisdictions.

For example, with the demise of the Safe Harbor agreement between the EU and the United States, it is likely that EU nations will develop separate regulation on data privacy over the next year, which will result in additional challenges for organisations covering many jurisdictions.

In addition, regulations around breach reporting, checks on cyber security maturity, and expectations of cyber exercises and incident response planning are proliferating, with little consistency across jurisdictions. The danger is that organisations will become so focused on complying with different requirements across jurisdictions that their ability to develop an overall strategic and balanced approach to cyber security improvements across their business will be jeopardised. 
