18/02/2020

Digitisation is not child’s play

Digitisation is also nerve-racking. Because large amounts of private data are constantly getting into third party hands – be they companies, government organisations, banks or hospitals.

When it comes to cyber security a lot of organisations are lagging behind sophisticated cyber Internet criminals. Companies and public authorities have to revise processes, develop new structures, find expert staff and hire at increasing wages. No wonder that too little attention is often paid to the issue of data protection and IT security. In the age of digitisation everyone will be using more data and doing business with it. When you talk to experts, they paint a gloomy picture in respect of this discrepancy between wanting to and being able to.

Many companies are struggling
If, for example, in cyber attacks on financial institutions customer data is freely accessible on the web, this can be used to carry out targeted attacks on customers’ assets. Unlike “perceived” theories on data risk posed by social networks and search machines, this so-called phishing is an actual quantifiable risk. Every year due to phishing unsuspecting staff around the world cause average losses of over 4.5 million dollars per company attacked. This was revealed in a study recently published by Proofpoint.

“Many companies are really struggling to protect themselves against data leaks,” says Uwe Kissmann, Head of Cyber Security at Accenture. The danger is ignored because it is not palpable. Evolution has prepared humans for other dangers, say when something is burning or a stone is flying. “Everyone hopes it will hit someone else.” But Kissmann is not a proponent of slowing digitisation down. “Despite the risks I would rather say that digitisation is not going fast enough.”

Cyber security is a top-level issue
“In order to become resistant to cyber attacks, companies must carry technical expertise into the boardroom and ensure that cyber security becomes an integral part of every new project,” advises Ralf Klotzbücher, Vice President Sales & Marketing Europe at Datwyler.

According to Kevin Bocek, Vice President Security Strategy and Threat Intelligence at the security software supplier Venafi, security experts must expect further attacks – and specifically on machine identity. “Cyber criminals understand the power of machine identity and know that it is poorly protected, so that’s where they set their sights,” says Bocek. In 2019 organisations spent over 10 billion dollars in protecting human identities. Most of them, however, are only just starting to protect their machine identities as well, as part of Industry 4.0.

The number of machines which need identities – including virtual machines, applications, algorithms and APIs – will continue to increase exponentially. It is therefore inevitable that the attacks on machine identity will increase in the coming year and beyond. “It is all the more important to carry out a routine assessment of the company’s existing IT infrastructures in order to make them fit for both current and future requirements,” says Ralf Klotzbücher.