If you thought that the first day of the CYBERSEC Global 2020 was exhilarating, then the second day of the virtual conference was no less than breathtaking. With distinctive speakers from both technological and political backgrounds on board, the conversational focus was highly on matters concerning the importance of data in business and defense sectors.
Apart from the engrossing and informative key notes delivered by Annegret Kramp-Karrenbauer, Federal Minister of Defence of Germany and Samir Saran, President of ORF – India, for defense and business streams respectively, other panel discussions that interested the attendees was the human negligence in cybersecurity, challenges of a data driven economy, the future in zero trust model, the emergence of 5G and the bureaucracy behind information warfare.
So let us take a brief look at some of the individual perspectives and important discussions of the day that will give us deeper insights on the underlying threats and responsibilities in the cyber space.
Data is Worth More than You Think!
Looking at company valuations in the current digital economy, technology has clearly outgrown largest sectors such as the oil and gas industries. However, this exposes the most valued asset of businesses today – Data. It would be naive to believe that this new strategic resource could go unnoticed by adversarial actors and the news we hear daily is the most visible proof.
Data is a valuable strategic resource for both, cybercriminals and businesses alike. Threat actors want to steal, encrypt, sell and/or get ransom for it. But this data, if harnessed properly, also forms the basis for business and military intelligence, which in turn is an important reason over which cyberwarfare takes place. In these settings, the strategic targets have shifted from oil resources to digital assets that can be attacked from remote locations.
“Data is being harnessed by both, public and private domains for useful purposes, but its cybersecurity is a huge question mark that we need to answer.”
– Dita Charanzová, Vice-President, European Parliament
Human – The Weak Link
The single point of failure – as Andrzej Dopierała, President of Asseco Data Systems Management Board pointed out – is humans. A social engineering attack is a psychological manipulation of people into performing malicious actions without their knowledge. It includes phishing emails and statistics suggest that 98% of cyberattacks were found to be based on this form.
“It’s much easier to use psychological tricks to make a person click a link to gain access than to break through firewalls and other security measures. It saves time!”
– Andrzej Dopierała, President of Asseco Data Systems
Targeting the Vulnerable
Global scenarios such as the COVID-19 pandemic showcased how cybercriminals and adversaries can rapidly adapt to the new circumstances. The amount of pandemic-themed cyberattacks rose exponentially in the first few months of the pandemic. This is what all involved in cybersecurity need to stay ahead of – not only to avoid attacks, but also to provide business continuity.
How? Answering this question Flavio Aggio, CISO at WHO, clearly states two strategies – implementation of zero-trust policies and cloud migration. He noted that organizations such as WHO, which migrated to cloud technology ahead of the pandemic, had a smooth transition to remote work. Zero-trust policies ensure that the security is difficult if not impossible to breach easily even with most employees working from outside of the secured office environment.
“Post pandemic we need to move towards a Zero Trust model. There is no doubt that this along with cloud is the future of technology and businesses.”
– Flavio Aggio, Chief Information Security Officer, WHO
Aggio added, “The information war is a deep and growing concern even for WHO. To counter this war many have invested a lot on technology but development in technology should consider the human factor and should be human-centric instead of just business-centric approach.”
Defense for Defense Forces
It is evident from the disruption caused that businesses need to think of their defenses. However, this is not the only sector that needs to be wary about it. Nation-states it seem are at an equal or even greater risks of cybersecurity.
“It is not enough to provide state-of-the-art IT security solutions alone, but we need to understand and establish a separate cybersecurity command/wing for military, which will solely concentrate on fortifying our cyber defenses.”
– Annegret Kramp-Karrenbauer, Federal Minister of Defence of Germany
The European Union already acknowledges the plans to maintain digital sovereignty with the establishment of GDPR and annulment of the EU-U.S. Privacy Shield framework. Annagret Kramp-Karrenbauer, Federal Minister of Defence of Germany, rightfully summarized five plans of action for defense forces in Europe:
- Using trustworthy technology from specialized service providers
- Building up key technologies
- Maintaining core command and control capabilities
- Increasing innovation capabilities
- Promoting digital consequences
5G is another exceptional technology for business and modern battlegrounds. Following Riho Terras – a European Parliament member and former Commander of the Estonian Defence Forces – although previously new technologies originated in the military and were populated to general users, the technology developed after the Internet invention worked the other way around. This creates a challenge for 5G that enables technologies such as Artificial Intelligence, Virtual and Augmented Realities and Autonomous Weapons on battlegrounds, but on the other hand have a lot of holes and backdoors since they were not designed with military standards.
The benefits that defense forces could gain outgrow the challenges of using 5G, however the technology needs to become secured as it will also become a part of strategic infrastructure. The 5G end-users can benefit from these circumstances with higher levels of privacy and security, building trust in using it.
A certain way to lead conflicts is information warfare. Whoever knows more on the battlefield, gains advantage. This old ideology is exploited in a new manner today, using the open character of social media to spread misinformation and effectively create circumstances to suit one’s agenda. We are witnessing it even now, in the re-ignited conflict between Azerbaijan and Armenia over Nagorno-Karabakh, where social media is used to spread different narrations.
“Media is a strong medium through which misinformation can be spread easily. This in turn can reshape the minds of masses against their own country. This is dangerous and needs to be monitored, stopped, and corrected.”
– Artis Pabriks, Deputy Prime Minister, Minister of Defence of the Republic of Latvia
Fake news has been identified as an important challenge since the 2016 U.S. presidential election and actions have been undertaken to prevent them from spreading by bringing together stakeholders from governments, tech giants, and other parties involved. Effective rapid identification and blocking of fake news will allow us to contain information warfare from causing state-wide effects and preventing adversaries from manipulating social moods.
“Disinformation has a smaller lifecycle. The truth eventually comes out sooner than later.”
– JAROSLAV NAĎ, Minister of Defence of the Slovak Republic
As discussed on day one, cybersecurity is a global effort. However, there is an urgent need to not just secure the data and operations of our businesses but also our states and its defenses from whatsoever challenges lie ahead of us in the cyberspace.
September 30 is the last day of CYBERSEC Global 2020 and the registrations are still open at https://csglobal20.eu/register/.
CISO MAG is a Media Patron for CYBERSEC Global Cybersecurity Forum 2020.