The Evolving Cyber-threat Landscape
Laws and regulations must be updated accordingly, while governments must also encourage education and enable international threat intelligence sharing. Regulation is essential so that providers can build the necessary defences.
As the Fourth Industrial Revolution opens up unprecedented business opportunities, it also increases the inevitability of a cyber-attack, and businesses need to be prepared. Not only do security measures need to be built into technology from the start, an awareness should be ingrained into company culture, while significant investment is also essential. Global spend on information security products and services will grow to a massive $93 billion in 2018, according to the latest forecast from Gartner.
While cyber-threats are a key concern for businesses across all industries, here’s what the security landscape looks like for a number of key sectors:
Banking, Financial Services and Insurance (BFSI): The BFSI sector is under growing pressure to update its legacy systems to compete with new digital-savvy competitors. The value of the customer data they hold has grown as consumers demand a more convenient and personalised service, but trust is essential. Some 50% of customers would consider switching banks if theirs suffered a cyber-attack, while 47% would “lose complete trust” in them, according to a recent study. A number of major banks around the world have already been subject to high-profile cyber-attacks suggesting that the sector needs to improve its approach to risk. Financial firms should invest in security applications that are able to adapt to the future of banking to ensure comprehensive, around-the-clock security. Shared Ledgers will feature prominently in the future of the BFSI sector, the best-known example of which is Blockchain, which forms the backbone of cryptocurrency Bitcoin. Blockchain is a database that provides a permanent record of transactions. It leaves an undisputed audit trail that can’t be tampered with, meaning it could completely transform security in the BFSI sector.
Healthcare: The digitisation of patient records completely revolutionised the world of healthcare, with health-monitoring wearables and apps bringing further improvements. What’s more, emerging technologies including AI and IoT are now being used to speed up diagnoses and improve patient care. However, the sensitivity of the data involved and greater connectivity increases the risk. Earlier this year, Experian predicted that the healthcare sector would be the most heavily targeted by cyber-attacks and the WannaCry ransomware, which temporarily crippled healthcare institutions around the world, showed just how vulnerable it can be. In this sense, the healthcare sector needs to adopt a similar approach to risk analysis as the banking sector, while a set of industry-wide standards for healthcare data systems may also be required.
Retail: The emergence of online shopping and data analytics has helped retailers to craft a more convenient and personalised experience for customers. However, with that comes a huge responsibility to safeguard their data, which could include not only their shopping preferences and login credentials, but their banking details and home address. The shopping experience is becoming increasingly connected thanks to IoT technology, augmented reality and even facial recognition — and once again, more connectivity ups the risk of a data breach. That’s why the retail sector requires a similarly robust approach to the risk of cyber-attack as banking and healthcare.
Telecom: There is a significant cybersecurity risk for telecom firms as carriers of internet data, and therefore a huge responsibility. Providers need to integrate cybersecurity measures into network hardware, software, applications and end-user devices in order to minimise the risk of a serious data breach, which could leave customer credentials and communications vulnerable. Consumers are increasingly careful about who they entrust their personal data to, providing a strong opportunity for networks that offer additional security services. In addition, collaboration between rival operators could lead to greater resilience against cyber attackers.
Manufacturing: The manufacturing sector is the third most targeted industry by hackers, according to IBM research. Being financially motivated, hackers in this area tend to concentrate on industrial espionage, aiming for the increasingly connected production line that features robotics and 3D printing. A security breach enables hackers to access product blueprints and potentially even alter machinery to sabotage production. Not only could this kind of breach have significant financial cost, it could also endanger the lives of factory workers. Manufacturing firms should be continuously scanning the production line for vulnerabilities and implementing control measures that limit access to other areas of the system if one component of the manufacturing line is breached.
Government: No organisation is immune to data breaches, not even government agencies. The data held by governmental departments, from voter details to military defence plans is incredibly sensitive and therefore a major target. While governments around the world are gradually increasing their spend on cyber-security measures and implementing response plans to deal with any security breaches as quickly as possible, there is still some way to go. Some government agencies have already started to make use of bug bounty programmes where ‘white hat’ hackers are encouraged to seek out and report potential security flaws in return for financial reward. As the number of hacks continues to grow every year, digital security is now a critical investment for all governments around the world.
In summary, while it’s important for individuals to be more mindful of cyber-security, the same awareness must also be present at an organisational level. Businesses that invest in security measures to reduce the risks of a data breach will have a competitive advantage. What’s more, the issue needs to be tackled at a country level with governments and international bodies adopting a more prescriptive approach. Laws and regulations must be updated accordingly, while governments must also encourage education and enable international threat intelligence sharing. Regulation is essential so that providers can build the necessary defences.
Disclaimer: The views expressed in the article above are those of the authors’ and do not necessarily represent or reflect the views of this publishing house