Cybersecurity and managers: Opportunities & challenges

Event report

[Read more session reports from WSIS Forum 2017]

The moderator(s) of the workshop gave a brief context on how the current world is transforming into a digital society with enterprises becoming increasingly digitised.

Nathalie Devillier, Associate Professor to department Accounting, Law & Finance, GEM – Grenoble Ecole de Management, highlighted the role of the increased pervasiveness of information technologies in revolutionising society, becoming a transparent mediator of our economic and social activities.

Federico Pigni, Associate Professor to department Management & Technology, GEM – Grenoble Ecole de Management, emphasised that just as new opportunities are on the rise, new challenges are emerging too. Cybersecurity is in the spotlight. Recent examples of car manufactures facing the novel threat of cyber carjacking, healthcare organisations becoming a primary target of data breaches, and retailers finding their point-of-sale (POS) system compromised were quoted.  The moderators mentioned that the objective of this workshop was to explore the main opportunities and threats raised by an increasingly digital society, and focus on the role of cybersecurity in supporting and enabling organisations’ success.

Dejan Kosutic (CEO at Advisera.com) presented the main problems that are currently being faced by the information security community. He insisted that in the current world, enterprises are looking for a solution to decrease the cost of information security implementation, achieve compliance to the applicable regulatory standards, and fit cybersecurity into existing business plans. He also highlighted that the current issue is that measurement is focused on key performance indicators (KPIs) of processes and safeguards only and does not consider the holistic nature of cybersecurity. He suggested ways to get top management interested in information security, such as how information security implementation is helping them lower operating costs, easing compliance processes, increasing revenue/market share, and contributing to the competitive advantage of the company. In conclusion, he asked implementation partners to remember that ‘Information security and profitability / market share / shareholder value are related’.

The private sector representative on the panel, Federico Smith, Manager, Excellence Center DS Platform, Scalian Group, presented views on how Internet governance and Big Data are revolutionising world economics. He called the phenomenon ‘petroleum power’ and gave examples of issues related to intellectual properties and patents. He mentioned that cyberwarfare is a reality for connected organisations and should no longer be considered a myth. He gave examples of major cyberattacks that were exploited between the period 2014–2016

• Interpol operation ‘Sextortion: International police operation against users of the Black shades software.
• Interpol ‘sniping’ in Europe against cybercrime: 34 countries/1000 people.
• The website of the Ministry of Defense (France) cyber attacked by Anonymous.
• Lizar squad attacked institutional sites (20,000) – # OPFRANCE / Charlie Hebdo.
• Babar: the DGSE software rampant in the Middle East.
• The Office of the Intelligence Services Directorate (ODIN-USA) announces the creation of a ‘pre-crime’ computer system – social media + Bitcoin
• Extensive Europol operation against the RAMNIT virus (3 million infected computers).
• Snecma (Safran group): industrial sabotage (France).
• Heartbleed: the most important security vulnerability
• Dragonfly: targeted 84 countries / 1000 companies
• Theft of personal data from 4.5 million patients in the US community health system
• Morgan Chase 83 million stolen records of customer data.
• Target (USA): 40 million bank accounts looted
• Anthem: data theft of 81 million personal records (USA)
• Excellus Bluecross BlueShield: victim of a piracy (10.5 million insured data)

In conclusion,  Pigni raised questions for the panellists and the audience on how mindset and organisational readiness for cybersecurity can be accomplished. He said that various stakeholders need to brainstorm and come up with proven methodologies that can be adopted by the industry to achieve a cybersecurity transformation that is strategically aligned to business transformation.

by Mohit Saraswat