What is cybersecurity and why is it important?

in Cyber security, IT strategy, BlockchainBy Carlos Camara, Managing Partner

Cyber security continues to pose one of the biggest threats to the world economy. Recently, in May 2019, we saw the auction of a 2008 Samsung laptop which contained six of the most dangerous software viruses: WannaCry, BlackEnergy, ILOVEYOU, MyDoom, SoBig and DarkTequilla, that reached a whopping sale at $1.3M. The viruses on this laptop have resulted in $95b of total costs to the global economy, and would continue to be a critical security risk if connected to the internet, causing immense damage by spreading the infection throughout the network.

All ”connected” companies hold huge potential value for cyber attackers, and this value ranges from an active database with real profiles to credit card information that can be quickly sold on the dark web. Information security is critical for any business. As the exposure of a new company and its brand increases, the potential of a cyber attack grows significantly.

Investment in data protection and data integrity should be a business priority the moment an MVP is launched. Critically, a cyber security strategy should be implemented alongside the business plan and sales strategy.

An increasing number of enterprises are requiring support on digital and cybersecurity solutions, since they cannot overcome this challenge alone. Since platforms and systems are vulnerable the moment they are "connected" to the internet of the world, new solutions are always being put into place.

Nearshore software development companies, like Hexis Technology Hub, offer a variety of IT services, of which, cybersecurity has naturally become a primary concern. Cybersecurity has a range of threats, and at Hexis, we've recently seen the impact it can have in real terms. We supported a client to recover from an attack, which halted their sales due to the violation of digital contracts, and this had a crippling effect on their business.

What are the biggest threats to cybersecurity today?

Cybersecurity today is put at risk by the very same solutions that aim to mitigate the effects of a cyber attack. More and more cyberattacks are using bots with artificial intelligence which greatly increases companies’ IT security risks. These new wave of attacks use the same cybersecurity tools to profile behaviour detection to prevent attacks. So in this cat-and-mouse game we have existent scenarios of machines against machines in a cyber security chess puzzle.

Overlooked issues in assessing information security and cyber diligence

The most significant threat usually comes with the credentials recovery system, which is typically the entry point for a security breach. The cybersecurity policy applied in any organization must educate users to avoid passwords based on plain strings, or disclosing token information to any third party by phone or email. Although these errors seem so obvious, we have seen corporate giants with the ISO 27001 certification fail at this basic level.

These careless behaviours usually occur due to the existence of an IT department with an appointed CTIO, because of the perceived barrier of security. This leads to complacent actions such as disclosing sensitive information during a pirate phone call pretending to be an IT colleague. Although this is a topic that has been discussed multiple times, this flaw in cybersecurity policies continues to occur. The solution to this lies in the basis of the blockchain principle: the use of mobile apps to release a token, which requires the correct input of the caller, applying human certification based on a piece of dual information.

Automation and blockchain solutions

Cybersecurity depends significantly on human interaction with systems. The entry point for any cyber breach usually starts here. Automation should be applied in scenarios where information is even more critical and sensitive, typically in financial certifications, cryptocurrency transactions and contract management. Without a doubt, blockchain is one of the most reliable solutions for automating cyber security, eliminating the centralized control that is usually the prime target in a cyber attack.

The use of contract certification through blockchain increases the security level to a stage where it's currently seen as unbreakable, with applications that range from official government certificates and smart contracts to the support of FinTechs and cryptocurrency. At Hexis, we develop specialised solutions on end-products so that our clients are always covered with rigorously tested, bespoke security packages to keep them, and their customers, safe.

Misconceptions about security technology and cloud migration

Cybersecurity significantly increases with the use of cloud migrations and cloud services. A company that relies on its servers usually lack the proper maintenance due to the typical attrition of employees and know-how for the latest trends and best security policies. This misconception tends to halt improvement of the IT architecture of organizations. Whereas, in a simple decision to use cloud services, e.g. AWS or Azure, a company can have quick access to multiple active zones, geographically redundant, with all the latest security policies and available SLAs. The view that cloud leads to the lack of control is an illusion since a data ransom in a fully managed server is far a higher risk.

Cybersecurity tips and IT advice

Every single business is unique and starts with a human point of view, in which someone had a vision and created a product that inevitably has a digital footprint. The cybersecurity policies are a must in the conception of any business idea and should be considered from the inception of the business model. The advice for a good IT security governance is that any business that relies on online activity as their backbone to survive, should apply strong security policies and the right architecture design, to leverage on the latest security tools for a preventive mechanism rather than a reactive one.