Security by design: the new cybersecurity paradigm — Atos
Posted on: December 4, 2019, by Zeina Zakhour
We are living in remarkable times as ongoing digitalisation transforms the world in which we live. It is estimated that by 2025, an average person will interact with connected devices around 4,800 times per day — that’s one interaction every 18 seconds.
This speed of innovation is, however, also expanding the ‘attack surface’ and creating opportunities for threat actors to reach one of organisations’ most valuable assets: their data. Cybersecurity must, therefore, be integrated into the fabric of organisations: in other words, organisations must be secure by design.
Security by design introduces agile security controls that can adapt to changing digital environments and is based on the following four elements: an understanding of the threat landscape; people; scalability; and speed. In addition, security by design must be underpinned by a robust ethics framework.
Understanding the threat landscape
Cybercriminals and state-sponsored actors are using innovative techniques to steal data, commit fraud, extort money and paralyse critical national infrastructures.
2017 was the year of ransomware. 2018 was the year of cryptojacking, as well as hardware flaws such as Spectre and Meltdown. In 2019, these cyber threats are still going strong: malware used to process cryptocurrency transactions using other people’s computing power remains popular, and the number of ransomware variants has increased by nearly 50% since 2018. In addition, we are still facing vulnerabilities that are ‘wormable’, which means, for example, that patches issued for existing vulnerabilities may still be leveraged by cybercriminals to create the next WannaCry or NotPetya. Hardware flaws spawned more attacks and 2019 brought new cyber threats into the spotlight, such as Domain Name Service hijacking campaigns (to steal data by diverting traffic to spoof websites), inter-cloud attacks and cross-platform malware that moves from IT environments to industrial platforms, or vice versa.
In future, we will see more threat actors harnessing AI to launch ever more sophisticated attacks. It is, therefore, undeniable that traditional cybersecurity methods will not be a match for attacks perpetrated by smart machines: the need for cybersecurity by design is urgent.
People
Security by design should focus on people as much as technologies, and organizations need to ensure that all their employees are cyber aware and cyber vigilant.
Organizations lacking the necessary human as well as technological cybersecurity resources struggle to keep their security teams updated on the latest threats and technologies. Organizations should, therefore, identify expert partners who can walk this journey with them.
With an undeniable shortage of cybersecurity skills, it is predicted that by 2022, around 1.8 million cybersecurity jobs will be unfilled. As Europe’s number one cybersecurity provider, Atos is active in addressing this challenge. With over 5,000 cybersecurity professionals and 14 security centres, we operate dedicated cybersecurity skills recruitment and development programs — including our Cyber Academy and Digital Growth Network in Cyber Security.
Scalability
With the move to cloud and the arrival of a hyper-connected world, organizations need flexible and scalable cybersecurity solutions and services. For example, the adoption of edge computing (whereby vast computing power is transferred out into the network) is accelerating; swarm computing will be yet another major transformation, bringing together edge, multi-cloud and Internet of Things devices into highly distributed, hyper-connected computing environments.
New cybersecurity solutions will be orientated towards data-centric security, whereby the data itself is secured. Even today, advances in the use of strong encryption to protect data are in turn being used to encrypt malware to avoid detection. In advanced prescriptive security environments, security controls will self-adapt to the changing threat landscape, all interconnected by prescriptive Security Operations Centres and security analytics either at the edge or in the cloud.
Cybersecurity specialists are also preparing for the quantum revolution by adopting quantum-safe encryption and leveraging the vast power of quantum computing to improve cybersecurity analytics for detection and response.
Speed
Cybersecurity should never slow down or block digital transformation, with security by design empowering organizations on their digital journey.
At the same time, the speed of cybersecurity innovation is so fast that organizations sometimes find themselves investing in technology only to soon discover another that is more effective or efficient. Moving to procure cybersecurity ‘as a service’, instead of having to maintain their own cybersecurity infrastructures, will better enable organizations to adapt to changing challenges and threats and optimize the cost-efficiency of cybersecurity.
Instinct and intelligence
Security by design must be underpinned by a robust and evolving ethics framework. Data privacy and ethics are shaped by the changing regulatory landscape, with clear warnings from governments and others about the need for auditability and transparency in AI algorithms. Directing the power of AI is as much about what AI should do, as what it can do.
Organizations must, therefore, adopt an ethical framework that will guarantee that ethics and privacy controls are implemented throughout the data lifecycle, including the programming and adoption of AI and automation.
Given the pervasiveness and power of AI, the future of cybersecurity itself will be AI-powered, thwarting complex attacks and leveraging the best defence mechanisms to win the battle. Success will be thanks to the careful balance between instinct and intelligence and between human and machine — working together to protect people and infrastructures.
Digital Vision for Cyber Security 2
Atos’ Digital Vision for Cyber Security 2 brings you insights into the latest challenges and opportunities for business leaders and influencers — and the critical role of cybersecurity to underpin transformation and vital trust in our digital society.
Originally published at https://atos.net.