Advenica

As the threat landscape grows steadily more serious, everyone today needs to be aware of the risk of a cyber attack and the consequences of insufficient security. Critical infrastructure is particularly vulnerable. For those of you responsible for such operations, we have compiled some talking points so you can make responsible and sustainable decisions.

1. You can digitalise efficiently and responsibly

The amount of critical information is growing. Simultaneously, markets are pushing for higher availability. Connecting devices saves time and money and enables transparency and agile ways of working. The downside is that the number of attack vectors increases accordingly.

Take for instance geographically spread power stations. To send log or monitoring information to a central server that can be accessed through the Internet, the technology has to ensure that the data cannot be manipulated or intercepted. Thus, some form of encryption is necessary.

How can you be sure that the crypto products are effective? Over time as well?

2. You secure sufficient protection considering the technology development of attackers

Opinions differ among cyber experts on how imminent the breakthrough of quantum computers is. One thing even sceptics have to acknowledge is that the first vendors commercially selling quantum computers as cloud services are already here.

This raises the threat level, not only from state-funded attackers but also from criminals. Because communication can be recorded today and decrypted later, traffic protected by many popular crypto algorithms has to be deemed compromised.

How do you best supplement firewalls, fibre and 4G connectors to achieve sufficient security?

3. You get a long-term sustainable solution

If your business is planning to invest in technology to protect OT networks that need IT support, you probably do not want to have to change it in the next few years. Do you also happen to work in one of the governmental agencies whose critical information has to be safeguarded for at least 50 years? Then you have to regard solution performance from a longer perspective.

Perhaps it would be simpler and more cost-effective to go for future-proof solutions from the start?

4. You are stronger in audits

It is always important to conduct a risk analysis to identify vulnerabilities in IT architecture. Information availability is a definite risk for both critical infrastructure and other businesses that affect national security. When responsible for that kind of organisation, it is wise to make the most effective measures a top priority.

Advenica offers a quantum-safe solution in SecuriVPN, which has received several certifications and approvals at the level of security. What would this mean for upcoming audits and all the previously mentioned issues?

Last but not least, a piece of advice

There are no shortcuts when it comes to cybersecurity. Encryption is merely one part of the overall protection, segmentation another. You always have to take a holistic approach and also include physical security and human factors. By conducting a risk and security analysis, problems will be identified and the necessary measures will be made concrete, in order of priority.

Advenica

Jonas Dellenvall, CTO at Advenica, shares his view on the security year ahead of us. Technological development is evolving at an incredibly fast pace with the increase of AI, machine learning and quantum technology.

Let’s start by looking back on 2018, how’s the year been? The NIS directive? GDPR? What were the effects? Did it turn out the way we expected?

2018 was the year when information security really landed on the management’s agenda. Instead of being something handled by the IT department, it became a strategic decision both in terms of revenue as an enabler for business, and in terms of costs/risks in order to avoid fines as a result of GDPR violation or a damaged reputation.

One of the biggest effects of GDPR is that many have made serious changes to their processes. Many countries are improving their cyber readiness by implementing the NIS directive, or by changing their national security regulations.

So, what’s going to happen in the cyberworld during 2019?

The threats keep on evolving which means more states are becoming more competent with an increased ability and capacity. There are no signs that there will be any drastic changes of this trend, but rather a continuous growth. I would think that 2019 will become the year when we start to take a serious look at how we should approach the situation. Are we going to accept the risks – or are we going to do something about it - even if it means having to refrain from some of the benefits of digitalisation?

As a consequence of increasing threats, we now have to assume that one or more attackers will succeed – therefore it’s important to use solutions that will protect against threats even when they aren’t known yet. Building several layers of protection (defense in depth) with physical segmentation is one way of making it harder for attackers to succeed, no matter their capability.

What would you say is the most challenging cybersecurity issue in 2019?

Making sure that critical infrastructure is robust, in the sense that it can’t easily be brought down from a distance. The process will take several years, but it will definitely get started in 2019.

The current state of the world means that the priority of civil and military defence will continue.

Cybercrime is constantly increasing. What needs to be done in order to break the trend?

The reason that crime is increasing is that it pays off - it’s as simple as that. For criminals, the chances of getting caught – and the consequences if you do so – are less palpable than the outcome of a successful attack. For a business operator it can cost more to fix the security flaws than to handle the losses. The most important player to change the situation is therefore from the political side - by changing the incentives for both criminals and business the tide can turn. The risk of being a criminal needs to increase – and at the same time change the incentives for business operators to actually enhance their security.

As a business operator or subcontractor, you have a responsibility to choose a robust solution – even if an unsecure solution could be more profitable short term. Choosing an unsecure solution will benefit criminals, which in the long term is costly for all of us.

Which methods can be used in order to increase your preparedness for IT related cybercrimes?

There is not much new in that area. Make sure to have up and running routines for backups and security updates. By continuous security and consequence analysis, you can protect the right assets in the right way.

Cybersecurity is not a checklist or a state – it’s a process. By continuous and conscious work, it’s possible to achieve the right level of protection.

List your top three pieces of advice for an information security manager to think about in 2019

  1. Don’t risk it – make reoccurring security and consequence analysis in order to know what’s worth protecting and why. That is the only way to avoid both unnecessary risks and unnecessary costs.

  2. Assume that all protection can fail and design architecture accordingly. Use defense in depth and physical segmentation when needed.

  3. Do not allow yourself to be in the cyber criminality revenue chain. We are all part of the solution to create a world that is more secure.