Cybersecurity is fast becoming a strategic, board-level issue for all organizations, as they transform themselves digitally and prepare for the seismic challenges and opportunities caused by this disruption. The growing stature of cybersecurity was abundantly clear from all the international movers and shakers who attended this year’s Munich Cybersecurity Conference (MCSC).
Organized by Security Network Munich, the MCSC is an important cybersecurity event in the conference calendar, attracting high-level experts and industry leaders and influencers from around the world. As a major player in enterprise-level cybersecurity, Fujitsu is delighted to contribute to the success of the MCSC, both as an official sponsor and as an expert panelist.
The conference comes at a time when rapid digitalization and the growth of the Internet of Things is providing a wider attack surface with more gateways for hackers, criminals and terrorists. Cybersecurity has very rapidly become one of the greatest threats to business continuity. For most organizations, dealing with a major security issue is very much a case of ‘when’ rather than ‘if’. Since a major security breach can bring an organization to its knees and stop it from trading, it’s really no surprise to find cybersecurity has made its way to the top of the boardroom agenda.
At Fujitsu, we’re tackling this ever-increasing threat globally and have set up an integrated security organization, offering cybersecurity services to bolster business continuity for our customers, keeping firms operational and trading, whatever the bad guys throw at them.
During the day-long conference, panels covered a wide of vital cybersecurity themes. Key discussion topics were the roles and responsibilities of governments and regulators for achieving cyber resilience in the public domain, and the impact of cybersecurity risks on critical industrial and commercial infrastructure in a smarter, more connected world. Debating time was also given to the hot topic of security risks around automated, driverless cars – and the complicated measures required to keep them secure.
New security approach needed for the IoT era
I was pleased to be joined on a panel by CEOs of firms like Infineon and the CISO of Wells Fargo Bank, and our brief was to look at the Internet of Things (IoT) through the lens of a consumer rather than an enterprise customer. There is no doubt the prospect of billions of new devices going online will have a transformative impact on society, but the scale of this revolution demands a new approach to privacy and security.
One of the many questions posed to the panel was to explain why IoT is so vulnerable. There are many parts to this answer, but one important factor is the appearance of new technologies and gadgets without clear regulations or standards, and, in some cases, security is overlooked because of the need to shorten product development times and maximize profit.
A good example here is the number of home surveillance cameras harnessed by the Mirai botnet, creating a distributed network of remotely controlled devices (or ‘bots’) infected with malware, and used for distributed denial of service (DDoS) attacks to cripple large networks. Often, these IP devices work straight out of the box with generic, standard usernames and passwords. Many non-technical consumers don’t understand the security risks of sticking with the default login credentials, or don’t realize they can change the username and password to enhance their protection – and their privacy.
One solution might be for vendors of IP cams and other off-the-shelf IoT devices to prompt or force users to update login credentials as part of the setup procedure. It’s a simple step and underlines how the technology industry needs to realize consumers are sometimes the weakest link in the security chain, simply because they are not IT experts.
Education is part of the solution to IoT security and cybersecurity. Schoolchildren now learn about online safety and security, and we must ensure this continues as part of the curriculum throughout school, college, university and into the workplace to ensure people are as safe as they can be, in our connected world. Security education is something we strongly believe in and encourage at Fujitsu. In fact, we initiated a new Masters course in collaboration with the University of Applied Science in Augsburg, Germany, and we are working very closely with many other universities across the EMEIA region.
Another challenge the panel discussed was the perceived resistance of today’s consumer to paying more for security. While customers seem willing to splash out more for functionality and fancy designs, they seem less prepared to pay for improved security. No-one enjoys paying more, but it’s fair to predict a change to this resistance as the world becomes ever more digitalized and connected through the IoT revolution with its associated increased security risks.
A powerful parallel from the past is energy efficiency. Over the years, and spurred by energy prices creeping ahead of inflation, consumers were increasingly willing to pay more for highly energy-efficient electrical goods. Likewise, when consumers fully appreciate the costs, inconvenience and stress of a compromised device, spending a little more on strong security is a wise and cost-effective investment. However, we need to lead consumers down this path by focusing on ‘security by design’ and making security measures simpler and easier to use for those people with limited IT knowledge.
Improving security as we move into the IoT era isn’t just about consumer education and industry-wide action. There is a strong need for active involvement from regulators and governments to develop, establish and police industry standards and protect all parts of the digital eco-system. We need a joined-up approach. If it’s possible in the airline and aviation industry, it’s certainly possible in the world of technology.