Everbridge Software: "poor communications are your biggest security threat"
Vincent Geffray is Senior Director of Product Marketing with a focus on IT service alerting, IT team collaboration and process orchestration at Everbridge. He has over fifteen years of experience in the IT operations and service management space, with expertise in critical communications, IT service alerting, application performance management, IT process, runbook, and workload automation. Here he shares his advice on managing cybersecurity.
When it comes to cybersecurity, way more focus is given to prevention than management.
Of course, it goes without saying that the security of critical systems and data is the primary concern for any Chief Information Security Officer and InfoSec team. So everything from firewalls to intrusion detection systems to end-point security and IT monitoring will be in play, continuously and effectively.
Yet, the inconvenient truth is that organisations are playing defence while hackers are playing offence. To win, the hackers only need to get an attack right once. To win, you need to get your defences right every time. Unfortunately, technologies like automated botnets that can launch thousands of attacks a second – not to mention users who click on malware-filled or phishing emails – mean that the odds of an attack getting through at some point are against you.
The biggest challenge faced by today’s organisations is the lack of effective internal and external communication before, during and after an attack.
Let’s take a closer look.
Before an Attack
Remember, if your employees are not fully trained on security awareness, then all the technology in the world will not protect your business from an attack. They are your first line of defence. Make sure that your security team is trained periodically. It is also recommended that the best practices around spear phishing (the use of fraudulent emails aimed at specific users to launch an attack) are covered, so that your people know how to recognise suspicious emails, links and attachments which can harm your systems.
A trusting work environment coupled with busy people can easily lead to poor split-second decisions around opening emails and exposing your most critical systems to attack, regardless of the sophistication of security technology you’ve deployed. 91 percent of cyberattacks start with a spear phishing email, according to research from TechWorld. So, proactive and sustained education around security risks is critical. Hackers are constantly refining their “phishing” techniques to trick users, and you need not only to alert users to the latest threat but also to remind them to keep security top-of-mind on top of all their other work.
Protecting users from making such damaging mistakes is a big win. So, make sure the C-suite understands the business risks and the significance of developing a proactive strategy. CISOs should also lobby for them to back education programs – financially and personally, by setting the best example of safe computing themselves.
During an Attack
During an attack, a lack of communications can really hurt. A breach of security is also a breach of trust, and trust is a vital component in customer and partner relations. Every headline about privacy and data breaches, and any failure to protect your systems and data, will damage your organisation and brand.
The difference between a breach being a minor bump or a major impact to your organisation and its market value is communication.
Think for a moment about the impact of a lack of proactive and prescriptive notifications, for example to all employees: it can drastically increase the damage from an attack, with even more IT equipment compromised as employees link their laptops to the company network.
Alternate communications platforms, out of band from the company’s infrastructure, may need to be established for use during an attack, especially if the regular telecommunication network and email systems are compromised, as in the Sony Pictures hack. While quick and targeted communication with the relevant IT experts will be key, don’t forget you may also need frequent updates with management, legal, marketing, key stakeholders and partners to comply with regulations governing data privacy and security reporting.
After the Attack
History dictates that those organisations that handled communications well after a breach suffered only small fluctuations in stock price and customer confidence. Those that couldn’t get the message out, or bungled the message, suffered far greater and longer-lasting damage. Don’t leave this to chance in a crisis.
A sound post-attack communication plan must describe what happened as honestly and completely as possible. It will explain correction steps taken for all affected parties, and (as soon as possible) what is planned to prevent a recurrence. This is difficult to do in the middle of a crisis, so have a response plan in place. Also have a tested communication system to alert all stakeholders.
All Hands on Deck
A culture of security will help to prevent breaches. It requires input and engagement from IT, HR, marketing, facilities, and anyone else regularly involved in managing your systems. In the event of a breach, you need to be sure all these players (and more) are clearly identified along with their skills, location and availability and are ready to perform critical functions. They shouldn’t be just names on a contact sheet.
While you can’t control how hackers will try to defeat your technology and deceive your users, you can swing the odds in your favour with fast, effective, coordinated communications before and after the event, to limit the damage and return to a normal state of operations faster.
AI and the future of global trade
Artificial intelligence (AI) is becoming entrenched in our daily lives, but the technology is still surrounded by misconceptions and skepticism. Ask the public and they may jump to dystopian scenarios where robots have taken over the world.
While this makes for a good sci-fi blockbuster plot, the reality is different and more benign. Those products that Amazon suggested you buy? AI. That TV series you were recommended to watch on Netflix? AI. That self-driving Tesla car you crave to take for a spin? You guessed it: AI.
There is no single industry that is not being re-shaped by technology. Until recently, however, there was one noteworthy exception: global trade. Fortunately, that is slowly changing.
The mechanism that underpins global trade – trade finance – is an industry that remains largely paper-based and reliant on manual processes. This US$18tn a year industry is now being influenced by a new wave of technological innovation, including AI.
Exploring the potential of AI in Trade Finance
AI refers to the use of computer-aided systems to help people make decisions or make decisions for them. It relies on large volumes of data and models to make sense of information and draw intelligence.
In trade finance, AI is helpful in analysing quantitative data, and the repetitive nature of trade finance means that there is a lot of non-traditional data at our disposal.
This means that when trade finance providers need to assess the risks of funding a transaction, AI models can be a very efficient tool for data analysis and reveal intelligence and risks relating to small companies.
AI helps the industry move beyond traditional credit scoring processes, which are often outdated and remain reliant on historical accounting entries – a barrier that prevents small companies from accessing trade finance and has resulted in a $1.5tn global shortfall.
Overcoming the barriers
AI can tackle this shortfall by creating accurate credit scoring models. These models can include a company’s payment history, measure the risks of funding a transaction, identify supply chain risks, and benchmark the company against its peer group.
Trade finance providers can use this information to communicate effectively with their SME clients, ultimately helping establish better business relationships.
Towards a technological utopia?
The adoption of AI has the potential to do a lot of good in the industry, and the industry is in the early stages of radical transformation.
Advances are driven by fintechs as well as a willingness to change. The industry is working together to create new infrastructure for distributing trade finance assets to other investors in a transparent, standardised format.
The creation of infrastructure is possible due to improvements in technology, integrated across the trade ecosystem in cooperation with banks, insurers, and other industry participants.
It’s collaboration at its best: together, the industry is using technology to re-shape global trade as we know it.