Since the recent arrest of Meng Wanzhou, the chief financial officer of Huawei, US organizations are looking beyond trade wars to a more critical issue: cybersecurity. It is no secret that the US government takes issue with China and various other unnamed state players over cybertheft of intellectual property.
One of the key concerns when falling out with a country where business is intertwined with the government, is that governments may respond on behalf of businesses they feel were affected adversely by the actions of another state. To the US, that is a big deal – especially for business owners and organizations. The good news is that through a combination of testing, training and insurance, businesses can win against this challenge. Make no mistake though: inaction in the space of cybersecurity has never posed such a significant risk as it does right now. Let’s discuss the risks and protection measures available:
Understanding cybersecurity risks:
The general public tend to think of cybersecurity threats in terms of data loss, data theft and even outages of the national power grid. Many are also becoming aware of cyberextortion, where hackers have ransom demands. Yet in a connected world, where IOT applications are present in just about all organizational layers and activities, in all sectors, the scope of the risk is much broader. There is also the intensity of the risk – and right now, one of the reasons it is quite severe, is the inability of the US and China to fully de-escalate on disagreements. However, the very nature of how devices are connected today – and the types of devices, extends the scope of the challenge. As one security expert puts it:
“Many people think of common risks like being hacked and losing confidential company information, but once they understand that even medical devices can be hacked, leading to fatal consequences for specific individuals in hospitals or at home, they get the message: protection against cyber threats is no longer optional” – Christian Espinosa, CEO, Alpine Security.
The range of medical devices that can be subjected to a security breach include pacemakers, heart rate monitors, drug infusion pumps, MRI systems and entire hospital networks. No longer can we say countries like Russia or China represent the main threat – since there are hundreds of countries where people are capable, as well as the challenge of home-grown experts that can act as rogue players.
Protecting against increased risk:
There is no doubt that we are now living in a time of unprecedented risk. This compels IT managers and key decision-makers to act early. When the cost of not acting can come both in the form of fatalities and financial losses, it is a time to be proactive. The origin of the crime is less important than the measures you adopt to be safer: preparation in all eventualities that fall within your risk tolerance is the only way forward.
According to Alpine Security, the starting point is penetration testing of both wired and wireless devices and networks, regardless of the sector in which a business or organization operates. In most cases, both a remote and onsite test can be carried out. By emulating a cyber threat, security experts can holistically address vulnerability issues. They also assert that cybersecurity training for users and C-level personnel in an organization can be a game changer in the fight against cybercrime.
One may argue that today it is the Middle East who suffers a cyberattack against Saipem, tomorrow it may be the EU or US. The landscape is changing rapidly, and threats are like trends: they come and go.
Conclusion: time for cyber insurance and penetration testing?
In an interconnected world, we experience numerous benefits from technology. This however does not come without risk. Whether at a domestic or international level, fowl players will always be around. The key is to be prepared. Only by carrying out penetration testing and being proactive, can we win against cybercrime.