By Roshan Khan, Director - Technology, Amadeus IT Group
I really like this simple definition – “Cyber security is putting the pieces in place that protect you so that you can actually do more things online.”
Why does it matter?
Some time back, a security consultant apparently announced that he can compromise airplane networks, by accessing in-flight entertainment system and force a plane to briefly change course. In 3D printing industry, it seems a small deviation in the orientation of an object during printing could make up to a 25 percent difference in the object’s strength, creating a real security issue, particularly to 3D printed materials in the healthcare and aviation industry. According to a research in France, cybercriminals have been actively targeting smartphone users in Euro 2016, with 72 percent of malicious websites and 41 percent of exposed passwords being detected on mobile devices. Similarly, there are strong messages and communications, urging users around the world to be on the lookout for scams, phishing attempts and websites that take advantage of the Brexit confusion to trick people into taking foolish actions surrounding Brexit. Another thing IT team is afraid of is robot hackers (Skynet?). We don't think of teenagers or young adults as cyber security targets, but they do have items of extreme value – pictures of their bodies. And critically, they have friends in their contacts list who trust them. To a certain group of attackers, these are the items worth millions. The objective of stating all the above incidents and stories, is to make a point "Cyber Security is too important, and Cyber Crime too pervasive, for us to take an isolationist and relaxed approach to the matter."
“Businesses of all types and sizes must seek to understand what types of information they have that would be of most value to hackers”
What is happening around?
In the Apple-FBI conflict, when a federal court ordered Apple to help FBI unlock the passcode of an iPhone used by one of the attackers in the San Bernardino shootings, Apple filed to dismiss the court order and other companies, like Microsoft, Google, Twitter, Facebook, and Yahoo supported Apple. The attacks such as Charlie Hebdo have brought public support to ‘hacking for good’ groups like Ghost Security. Cheap smartphones that are being manufactured are seldom as secure or verified and authenticated as their higher-end counterparts. All these indicate a serious need for businesses to wise up and think seriously about protecting both customer and company data. Businesses of all types and sizes must seek to understand what types of information they have that would be of most value to hackers, as well as what would be most damaging to their company, employees, and customers if a breach occurs.
What options do we have?
Breaches are inevitable. They will happen. No matter the strength of your program, sophisticated hackers and careless employees can and will wreak havoc at some point. The unfortunate reality is that the bad guys only have to get it right once but organizations have to get it right 100 percent of the time. Unlike the cybercriminals, the defenders have one significant advantage, information sharing. By sharing anonymized information about breaches and vulnerabilities between members and encouraging a culture of collaboration. Traditionally, cyber security is not part of the software development curriculum at universities, but now students learn about malware, viruses, social engineering, and data security, and can earn industry certifications. Cognitive computing systems have advanced at a remarkable rate in recent years. By using tools such as data mining, machine learning, natural language processing, and human-computer interaction to mimic the way the human brain works, cognitive systems can help organizations remediate cyber threats in record time.
“The bad guys only have to get it right once but organizations have to get it right 100 percent of the time”
How can we address the issues?
Clients should ask their firms about whether they are regularly penetration tested by different firms, have segregated networks, use multiple levels of cryptography, and use an automated privileged identity management system to rotate all sensitive credentials on every system. That means you need to build a strong security incident response plan, test that plan, and make sure your business continuity plan is ready to go in case a cyber event shuts down your ability to do business. Your employees need to know what risks face your organization, and communicate what can happen if employees are targeted personally. Security must be designed from the start-before driverless vehicles are on the road, before smart meters are installed in buildings, and before a patient is given a wearable device for health monitoring purposes. Knowledge is power in the world of cyber security, and just a little insight into how hackers think and operate can better prepare you for the next potential attack and help turn the tide against cybercrime.
Founded in 1987, Amadeus IT Group is a company based in Sydney, Australia that works with the vision to facilitate the entire travel journey from door to door, whilst improving the travel experience for its customers.