Here’s why, and what works instead.
"If not even the best IT security software can deliver 100% protection against cyberattacks, it is all the more vital to establish the right processes and, above all, involve people properly. In other words, human firewalls are at least as important as system firewalls."
Prof. Dr.-Ing. Axel Stepken
Chairman of the Board of Management, TÜV SÜD
Thursday, 30 January 2020
Besides climate change, one of today’s most pressing challenges is certainly how society will manage digital transformation. The topic of cybersecurity is at the very core of this challenge.
At the 2020 DLD Conference held recently in Munich, I was part of a panel discussion that examined the topic from various perspectives. Juhan Lepassaar, Executive Director of ENISA, the EU Agency for Cybersecurity, represented the regulatory side; Marten Mickos, CEO of HackerOne, took the view of potential attackers; and as CEO of TÜV SÜD, I represented the position of testing and certification organisations as impartial third parties. A recording of the panel discussion is available here:
But because the topic of cybersecurity is a personal priority for me, I would like to share my key takeaways from this extremely fascinating and important discussion.
Trust is key! The success of a technology stands or falls by the trust people place in it. From Smart Home to IoT or IIoT, people will only use digital technologies if they believe they are safe and secure.
And yet there is no such thing as a 100% secure system. The crucial issue is not whether an organisation is attacked, but how fast and how well it responds to an attack to minimise damage and recover quickly.
HOW TO SOLVE THIS PARADOX?
I am convinced that we need to approach this problem differently. And, as so often, this means we need to change our way of thinking.
More technology doesn’t equal more cybersecurity. For this equation to work, we need to add another variable – people.
If not even the best IT security software can deliver 100% protection against cyberattacks, it is all the more vital to establish the right processes and, above all, involve people properly. In other words, human firewalls are at least as important as system firewalls. Given this, what we need is more awareness and more investment in education. What we need is a new cybersecurity mindset.
WHAT DOES THIS MEAN FOR THE INDUSTRY?
Cybersecurity by Design must become the standard. Software and hardware security criteria must be incorporated right from the design stage to rule out later vulnerabilities. Standardised cybersecurity requirements must be defined and established throughout the supply chain.
WHAT DOES THIS MEAN FOR REGULATORY AUTHORITIES?
In many cases technology is far ahead of rules and standards, so they must be continuously advanced to create a framework for secure digital transformation. This also spans security assessments and certification of safety, IT security and privacy requirements.
WHAT DOES THIS MEAN FOR THE TIC INDUSTRY?
Because today’s products and equipment are increasingly software-based, it is only logical for providers of testing, inspection and certification services to focus strongly on cybersecurity.
Software updates change product characteristics and open up new targets for cyberattacks. Periodic testing and inspection thus no longer deliver the desired results, making 24/7 monitoring necessary.
WHAT DOES THIS MEAN FOR BUSINESSES AND USERS?
Cybersecurity has long since ceased to be a problem for IT departments alone; it has evolved into a matter for C-level management. We need to invest more in education. While this is easier for large enterprises, awareness levels are still too low in general – and in SMEs in particular.
With this in mind: stay safe!
This article was originally published on LinkedIn Pulse.