Is Complete Cyber Security Possible?

Cyber Security Concerns

Every minute, we are seeing about half a million attack attempts that are happening in cyberspace.” – Derek Manky, Fortinet global security strategist

Pricewaterhouse Coopers has predicted that cyber security will be one of the top risks facing financial institutions over the course of the next 5 years. They have pointed at a number of risk factors, such as the rapid growth of the Internet of Things, increased use of mobile technology, and cross border data exchange, that will contribute to this ever growing problem.

Gartner has estimated that by 2020, the number of connected devices will jump from around 6.4 billion to more than 20 billion connected devices. In other words, there will be between two and three connected devices for every human being on the planet. Derek Manky of Fortinet, told CNBC that “The largest we’ve seen to date is about 15 million infected machines controlled by one network with an attack surface of 20 billion devices. Certainly that number can easily spike to 50 million or more“. So in a world where Cyber Security seems almost unattainable, is it still possible for you, or for large companies, to remain protected?

threat-cybersecurity

According to Cross Domain Solutions “comprehensive security is possible by making all security data accessible and automating security procedures”, which allows threats to dealt with in real time. They suggest an approach focused on data confidentiality, data integrity and the authenticity of users and data placeholders. Although it is theoretically possible, this is unlikely to provide total cyber security in practical situations.

The expansion and widespread adoption of the Internet of Things (IoT) has become the most pressing cyber security issue over the last 5 years. Smart phones, smart watches, smart TVs and smart homes, amongst other devices, have increased the surface area for hackers to take advantage of exponentially. This combined with the problems of perimeter security in cloud-based services, the sheer size of data collection by IoT devices, and the lack of security on many modern IoT devices, mean that complete cyber security (for businesses or individuals) will become increasingly more difficult. In a move that shocked the world earlier this year, hackers made off with tens of millions of dollars from Bangladesh’s central bank by using malware to gain access to accounts. Cyber Security is a very real issue for any business that has valuable information or assets stored digitally.

james-lewisIt has been suggested that we should focus on strategies to reduce risk that use formulas such as cyber risk = threats X Vulnerabilities X consequences; thus by reducing one of the factors to zero we can achieve complete Cyber security. The Common Vulnerabilities and Exposures list has more than 50,000 recorded vulnerabilities (with more added every hour), so it is almost impossible to ensure your network can deal with an incessant wall of hackers trying to get in. James Lewis, a cybersecurity expert at the Washington DC-based Center for Strategic and International Studies (CSIS), commented recently that businesses need to stop worrying about preventing intruders from accessing their networks. They should instead be concentrating on minimising the damage they cause when they do gain access. According to the Cisco 2015 Annual Security Report, “Security is no longer a question of if a network will be compromised. Every network will, at some point, be compromised”.

Fortunately for the tech world, the same capabilities that make networks more vulnerable can help to strengthen defences as well. Financial institutions are able to utilise big data analytics to monitor for covert threats, helping them to identify evolving external and internal security risks and react much more quickly. Whilst total cyber security may not be practically possible, the technology exists for businesses to be as security conscious as they feel they want to be. Both consumers and businesses should be assigning cyber security as the highest priority.

By Josh Hamilton

Jen
VoIP and PBX Phone Systems The cloud is already providing businesses with such a range of advanced tools and services, optimizing communication across channels, improving global cooperation, and supporting collaboration between teammates and partners both ...
Sofia Jaramillo
Augmented Reality in Architecture Augmented reality (AR) is a growing field of study and application in the world of architecture. This useful tool can help us visualize architectural designs by superimposing them onto real-world scenes ...
Gary Bernstein
Using Data to Gain Advantages Data collection is now omnipresent in every sector of the global economy. Several aspects of modern economic activity would not be possible without it, just as it would not be ...
Alex Dean
Enabling Privacy and Personalization Most businesses today rely on data collected online to better understand their customers and deliver more personalized products, services and experiences. These insights can be transformative for an organization, especially when ...
Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.