Business communications and transactions are increasingly moving away from the security of legacy networks as organizations demand the agility of mobile. Meeting threats in the mobile arena will become a top challenge when transforming business and critical functions of society. How can organizations embrace the mobile future while also reducing the risk of cyber breaches? The question will be explored at threatLAB 2016 – Cyber Risk 360°, Feb. 1-3, by Robin von Post, CTO of Sectra Communications. threatLAB asked von Post for a preview.
threatLAB: What’s your prediction for the continued adoption of secure mobile technology?
Robin von Post: The drive to introduce mobile technology in business and process environments comes from extreme progress in technology with respect to stability, availability, performance and reduced cost for mobile communication solutions. It is mainly the consumer market that pushed this and that will also drive the end users’ requirements on what information can and will be available to whom and when in their respective professional environments.
At the same time, organizations see a way of improving their operations by letting information flow more fluidly between domains. The cost-cutting effects and the possibilities to scale up operations with the same staff are of course tempting. But the threat towards exposed connected devices (Internet of Things) and communications will increase. The adversaries see their business models evolving in line with the increased attack surfaces and opportunities to turn information into money (such as mobile ransomware).
Balanced protection of communication is needed, which for instance could be a mobile VPN solution or an application designed with end-to-end protection out of the box.
threatLAB: What do organizations need to know about how to make this transition smoothly?
von Post: In order to embrace change, organizations need to understand their current picture. Developing a map of where assets in systems are created, handled and communicated will help managers understand where the move to mobile will introduce new attack surfaces. Plus, it gives a helpful starting point for how to design a good security net around the assets in the new architecture. Usually a roadmap for segmentation, early detection and defense in depth will catch adversaries before they can actually create disruptions or ransom situations to the critical parts of your operations.
threatLAB: The European Union has the most stringent data privacy regulation anywhere. What should companies in the United States know about the rules around data privacy and data sovereignty?
von Post: In the European Union (EU), business models relying on personal data gathering do not work the same as in the United States. The essential difference is that in the EU, interpretation of agreement law views company-person asymmetry strongly in favor of private individuals much more than in the US, meaning that acceptance of user conditions is void.
It is possible to make business models based on data gathering in the EU, but you need to address the gathering of information with the data as a group, not by the individual.
threatLAB: What lessons can industry draw from your experience working with government and defense organizations?
von Post: These organizations have worked with a defined threat model for many, many years and not only with respect to communications. So they understand the need to design security solutions as a part of the overall system that holds the information needing protection. It could be extremely costly or almost impossible to add security “after the fact.” And my main advice would be to work closely with strategic security partners to help when defining, building or procuring IT solutions for business transformation.
Attend threatLAB 2016, Cyber Risk 360° to accelerate your cybersecurity strategy and learn more from a cross-section of cyber experts. Feb. 1-3 at the Streamsong Golf Resort & Spa in central Florida.