A closer connection to the real world

From a risk perspective 2018 was an interesting year. But what will 2019 bring? In this blog series we look back but more so: we move forward. How can blockchain technology, cyber security, risk sensing and privacy help you gain a competitive advantage in the years to come? Episode 1 is about cyber security: the connection between digital and physical worlds.

In the past few years the number of reported cyber incidents has grown substantially. The nature of those cyber incidents varies considerably. The bigger ones, or a combination of similar incidents, often mark the beginning of new developments in cyber security.

Securing the core business

The WannaCry and NotPetya ransomware are an example of this. In 2017, both infected many computer systems. Last year the real impact of those incidents became clear, because the big companies that were struck by one of them published the losses they incurred in their financial reports. Shipping company Maersk for instance, had to reinstall 4,000 new servers, 45,000 new PCs, and 2,500 applications because of the NotPetya infection at a cost of approximately 300 million dollar. And the UK’s National Health Service has estimated the total damages of the WannaCry infection to be around 92 million British Pound.

These incidents showed that cyber incidents can have a major real world impact; a virus attack on an Industrial Control System can shut down the core business of an organisation. Organisations are now finally focusing on securing those systems, which for many is a rather new area of expertise because it is so closely connected to the real world and in many aspects differs from more traditional IT security.

Foreign intervention and data breaches

In 2018 intelligence services were also more often in the news than before. The Dutch AIVD prevented a hacking attack by the Russian secret service on the OPCW, the Organisation for the Prohibition of Chemical Weapons. And of course there were the ongoing news stories about foreign intervention in elections worldwide. Coverage of these events causes concern at a lot of organisations: can foreign interference affect them too? These are valid questions to ask and include in the threat analysis for your organisation – albeit with the somewhat reassuring remark that many organisations will likely not be a target for foreign intelligence organisations, so these high profile events should not distract from more mundane or opportunistic threats.

The Facebook-Cambridge Analytica data scandal incident was another big event in 2018. In March it became clear that Cambridge Analytica used data from millions of Facebook profiles without consent. The company violated its agreement with Facebook. But Facebook was punished too: Mark Zuckerberg had to testify in American Congress and the market value of the social media company fell by 134 billion dollar (the stock has bounced back since). The incident emphasised that trust within an ecosystem is very important; even if you use or sell another party’s data using strict contractual agreements, you need to know exactly what that other organisation does with the data and make sure it fits with your own ethical standards. Organisations should also realise that in the general public’s opinion, these contractual nuances – while factually correct – are often lost and the party that is seen as the main ‘owner’ of the data will likely suffer the backlash.

Best protection, given the circumstances

As a consequence of developments like these, my job as cyber security professional has changed a lot in the past few years. Not only because technology changes so quickly, but also because our work is closer connected to the core business of organisations. And that means that cyber security is not about assuring the maximum possible protection anymore, but about assuring the best possible protection given the circumstances.

A good example is the Industrial Control System at one of our clients, that still runs on Windows XP. From a cyber security perspective we would say that this system needs an upgrade. But in this case this would mean that the machines that are connected to the computers also need to be replaced: a multi-million dollar investment. As cyber security professionals we traditionally often see these scenarios in a very black and white fashion, but we need to accept that we sometimes have to find solutions in a less than ideal reality.

I think these developments are really exciting because they place cyber security at the core of where I think it should be: at the connection between digital and physical worlds, tasked with enabling this integration in a confident and trustworthy way. This is a large responsibility that requires new styles of thinking for many cyber security professionals – but one that we as a team are very keen to take on.