In this signal, we will examine the driving forces, pressures and trends of digitization in the platform economy that are affecting the security of governments, corporations, and individuals. As digitization becomes more pervasive, we are at the stage where we can no longer afford even a brief outage without significant consequences. IBM in a research study interviewed 500 companies around the world who had experienced a data breach between July 2018 and April 2019. The study reported that the total average cost of a data breach totals to 3.92 M$ and that it takes as long as 279 days to identify and contain it.
At the same time as security threats are increasing, businesses are going through other digital transformations and expanding their digital ecosystems, shifting to cloud services and adding more devices to their networks (IoT, Internet of Things). All of these put tremendous pressure on IT infrastructure and required expertise of the staff. These challenges are discussed among different stakeholders in cyber security conferences like GCCS (Global Conference on CyberSpace) aiming to discuss the development of an international strategic cyber security framework. This is an indication of how complex and important an issue security has become and the need for international collaboration to aid in solving the problem.
Are there clear leaders leading the cyber security solutions?
Security has many aspects, such as physical security, identity management, authentication, access control, confidentiality, data integrity, and physical security to name a few. There is no one solution to meet all protection needs.
For example, take a look at Gartner’s August 2019 magic Quadrant for endpoint protection platforms, where companies are mapped in terms of completeness of their vision and their ability to execute. It seems that there is no particularly strong leader or challenger with a supreme ability to execute.
There is no one size fits all security product. Companies must knit together their own solutions. The problem is also compounded by manufacturers and vendors reluctance to share data. Even more concerning is the fact that raw data related to parts of critical infrastructure may be in the hands of private industry (for example power generation and distribution facilities, water, and wastewater treatment plants, transportation systems, oil and gas pipelines, and telecommunications infrastructure). This may prevent the countries national security teams from analyzing such data to aid in protecting this critical infrastructure and causing cyber blind spots.
Who owns cyber security in the enterprise?
Cyber security touches so many assets within an organization that it needs to definitely have oversight by the companies board of directors. At the same time, IT management and chief security officers need to learn how to communicate risks to CEO’s and boards. Given what assets need protecting is different for each company, it becomes a risk conversation and often needs to also involve the legal department.
Can blockchain help to increase the security of platforms?
A core feature of blockchain technology is encryption and decentralized data storage which can provide increased security for cloud platform infrastructures. Blockchain is being explored in the cyber security space to assist companies to maintain data integrity and to manage digital identities. PWC’s 2018 Global Blockchain Survey showed that 84% of the 600 executives surveyed across 15 territories indicated they were actively looking at blockchain. Blockchain could be a promising solution for security, but it is not yet applied widely.
What role will AI play in preventing cyber security breaches?
AI tools are being used to identify attempted, successful and failed cybersecurity attacks, learn from these attacks and update algorithms to detect these types of attacks in the future. AI may be used in endpoint protection software and vulnerability management software solutions in the future. Examples of some companies working on these types of solutions are IBM, Cylance, and Darktrace.
Examples of Security Platforms
Security is an actively developing field. In Finland alone, we can identify 375 companies dealing with security. F-Secure is one of the leading companies offering cybersecurity and privacy detection and response solutions. Given Finland’s reputation of being reliable, they have an opportunity to offer trustworthy solutions to the world.
Although we mentioned about not having a one size fits all integrated security platform there are companies with platform business models addressing pieces of the problems. Anomali Threat Platform integrates seamlessly with many security and IT systems to operationalize threat intelligence and their Developer SDK allows organizations to build custom integrations as well. GRF (Global Resilience Federation) builds, develops and connects security information-sharing communities. GRF is a provider and hub for cyber, supply chain, physical and geopolitical threat intelligence exchange between information sharing and analysis centers (ISACs), organizations (ISAOs) and computer emergency readiness/response teams (CERTs) from many different sectors and regions around the world. ILOQ advances in physical security with self-powered digital locking and mobile access management solutions that are revolutionizing the locking industry. Security Now RiskSense Solution is a vulnerability management and cyber risk platform, which helps companies manage their cyber risks through their vulnerabilities.
Selected Articles and Additional Websites
IBM Security (2019): Cost of a Data Breach Report
Internet Society (2017) GCCS – Global Conference on Cyber Space
Gartner (2019) GCCS – Global Conference on Cyber Space
The Hill – Dave Weinstein (2019): Cyber Blind Spots
PWC (2018): Blockchain in Business
IBM: Artificial intelligence for a smarter kind of cybersecurity
Cylance. AI Driven Threat Protection
Darktrace. Cyber AI Platform
Security Informed. Security Companies in Finland
Anomali. Secure Platform for trusted collaboration
F-secure
Global Resilience Federation. Multi Sector Security
Ilog. Self-powereed digital locking system
Security Now (2018). RiskSense Platform Demonstration
Cyber Balance Sheet (2018) Report Sponsored by Focal Point Data Risk
Wedge Networks (2016) Orestrated threat management
Gartner (2019). Top 7 Security and Risk Trends for 2019
Gartner 2019). 5 security questions boards will definitely ask