Typical notions of cyber security
When most people think about cyber security, they think about passwords: passwords that are a bit more difficult than 123456 or QWERTY. Private individuals tend to select a router for their home internet connection with a focus on aesthetic design, without any wires, and with WPS (Wi-Fi Protected Setup) to avoid all that "difficult" typing, according to the kids who veg out by consuming Netflix.
The more advanced, tech-aware person will consider installing a firewall and perhaps a freeware antivirus program. They think that's enough to defend against an attack. And when they think about cyber attacks, they usually imagine a very skilled team of hackers brute-forcing their way into a home or business system, not unlike robbers breaking into a bank vault.
But it doesn’t take much research to learn that in today's era cyber attacks are way more nuanced, and leave far more people vulnerable than imagined. And in the near future (months not years, quarters not decades), the average cyber attack is going to evolve even more. I believe that Moore's law applies here as well (to a degree there is an exponential factor involved).
If we want to prepare our businesses for these threats, and protect ourselves as individuals, we need to change how we think about cyber threats.
New Types of Attacks and the Lack of Experts
For starters, we need to start preparing ourselves for new types of attacks. With the rising diversity of entry points (endpoints, devices and software), preparing for conventional attacks isn’t enough. Today’s cybercriminals are remarkably intelligent and lazy, so they buy cheap and proven tools from the dark web, and all it takes is a single vulnerability to compromise and exploit an entire system.
Because there are so many possible attacks, and new attacks just waiting to be created, we need to spend more time sourcing and training the right tech talent, rather than just building bigger and better defensive systems. Security experts with experience in many different areas, and with the ability to think flexibly, will be far more capable of responding to novel threats than their short-term-goal-focused contemporaries. But these skills are scarce in the market, so their cost is rising. Secondly, these types of cyber security experts are looking for continuous challenges, which is why they prefer to work for cyber security companies rather than regular businesses. That leaves a shortage in the market of an estimated 2 million cyber security experts. Good luck fighting those odds as a business.
We also need to consider the rising volumes. Cyber threats are growing in volume as well as in threat level. They are growing in both damage potential and probability (technology change factor x volume change x sophistication change). Thanks to the prominence of mobile devices and the growing influence of the internet of things (IoT), there are billions of connected devices around the world, and each one of those devices is potentially hackable.
There is also a growing number of people with the right motivation and resources who could easily attack a device across the globe. Add that to the number of countries with minimal (if any) restrictions meant to prevent a cyber attack, and you have a recipe for disaster.
My personal prediction is that we are only looking at the tip of the iceberg right now.
Finally, consider how much a cyber attack could hurt us. That is the fundamental question that any CEO, CFO, CIO or CISO should be asking in the business. We’re entering an era where nearly everything we do involves an internet connection or a digital device. Hurray for the digital transformation - pushed and hyped by the same technology vendors that failed to protect you in the first place. When IT components get compromised, it becomes nearly impossible to get the resources you need.
In addition to taking the possibility of a truly large-scale attack seriously and investing in better cyber security talent, we also need to educate people at the individual contributor level. That means the employees and staff with limited tech knowledge who still rely on these devices on a daily basis. If they choose weak passwords, fall for schemes, or otherwise allow themselves to be vulnerable, they become easy targets that could lead to the collapse of a much bigger system. Every digital network is only as strong as its weakest link, and it's about time we acknowledged that.
It’s not easy to change how you think about a given problem, but simply educating yourself is a good first step. The more basics you learn about the world of cyber attacks and cyber security, the more accurately you’ll be able to think about your protection and the protection of your company.
You can also help your own cause by investing in better cyber defenses, like the agileSI™ solutions for SAP® Security.
The sooner and more thoroughly you invest in your defenses, the less you’ll have to worry about, and the more likely it is that hackers will pursue easier targets.
How fast do you need to run in order not to get eaten by the tiger? Just a little bit faster than the slowest person in the group! Want to know how fast you are running when it comes to SAP® Security?
Talk to us about the possibilities of:
INSIGHT SERVICE - Security Maturity Assessment for SAP® systems
INSIGHT SERVICE - specific SAP® PENTEST