South Africa keeps rates unchanged after unpredictable vote    Israel's c.bank chief: IDF shouldn't get 'blank check'    Egypt's gold prices fall on May 30th    KOTRA organises Egypt-Korea cooperation seminar on electronics industry    MSMEDA encourages enterprise owners to shift to formal sector: Rahmi    Ancient Egyptians may have attempted early cancer treatment surgery    Indian rupee to slip on rising US yields, dollar    Egypt, China strengthen ties on 10th anniversary of strategic partnership    Israel takes control of Philadelphia Corridor along Gaza-Egypt border    Egypt reaffirms commitment to African cooperation at AfDB Meetings    Germany approves carbon transport, storage proposals    Thailand seeks entry into BRICS    Abdel Ghaffar discuss cooperation in health sector with General Electric Company    Grand Egyptian Museum opening: Madbouly reviews final preparations    Valu Partners with Magdi Yacoub Heart Foundation to streamline donations for New Cairo centre    Kremlin accuses NATO of direct involvement in Ukraine conflict as fighting intensifies    Madinaty's inaugural Skydiving event boosts sports tourism appeal    Tunisia's President Saied reshuffles cabinet amidst political tension    US Embassy in Cairo brings world-famous Harlem Globetrotters to Egypt    Instagram Celebrates African Women in 'Made by Africa, Loved by the World' 2024 Campaign    US Biogen agrees to acquire HI-Bio for $1.8b    Egypt to build 58 hospitals by '25    Giza Pyramids host Egypt's leg of global 'One Run' half-marathon    Madinaty to host "Fly Over Madinaty" skydiving event    World Bank assesses Cairo's major waste management project    Egyptian consortium nears completion of Tanzania's Julius Nyerere hydropower project    Sweilam highlights Egypt's water needs, cooperation efforts during Baghdad Conference    Swiss freeze on Russian assets dwindles to $6.36b in '23    Egyptian public, private sectors off on Apr 25 marking Sinai Liberation    Debt swaps could unlock $100b for climate action    Amal Al Ghad Magazine congratulates President Sisi on new office term    Financial literacy becomes extremely important – EGX official    Euro area annual inflation up to 2.9% – Eurostat    BYD، Brazil's Sigma Lithium JV likely    UNESCO celebrates World Arabic Language Day    Motaz Azaiza mural in Manchester tribute to Palestinian journalists    Russia says it's in sync with US, China, Pakistan on Taliban    It's a bit frustrating to draw at home: Real Madrid keeper after Villarreal game    Shoukry reviews with Guterres Egypt's efforts to achieve SDGs, promote human rights    Sudan says countries must cooperate on vaccines    Johnson & Johnson: Second shot boosts antibodies and protection against COVID-19    Egypt to tax bloggers, YouTubers    Egypt's FM asserts importance of stability in Libya, holding elections as scheduled    We mustn't lose touch: Muller after Bayern win in Bundesliga    Egypt records 36 new deaths from Covid-19, highest since mid June    Egypt sells $3 bln US-dollar dominated eurobonds    Gamal Hanafy's ceramic exhibition at Gezira Arts Centre is a must go    Italian Institute Director Davide Scalmani presents activities of the Cairo Institute for ITALIANA.IT platform    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Cybersecurity transformation in 2019 and beyond
Alexander Moiseev Published in Daily News Egypt on 30 - 08 - 2019

I'd like to tell you a short story. When working with a client on its security provision, we discovered that it had only devoted 4% of its total IT budget to cybersecurity. "Let's develop a solution with this 4%," said the client. It was only at that moment that I realized that cybersecurity is often considered as something that does not yet exist. This is a common misconception, and in some ways, this is the fault of the cybersecurity industry.
So what is cybersecurity?
For a long time, the cybersecurity industry has been doing what customers needed: offering products to protect them from existing threats targeting their networks. Moreover, customers were ready to pay for it, and this is more than logical – if there is a problem, people are ready to pay for a solution. But, as a result, the industry has made no effort to provide customers with a clear understanding of what cybersecurity actually is. Protection of information systems was perceived as adding layers into the system architecture: build an IT infrastructure, put some security on top and you'll be fine. IT was something that would speed up and simplify a few business processes, but not yet the backbone of business infrastructure.
Competitiveness, as well as effectiveness and profitability, did not depend on IT. As such, cybersecurity was considered as an optional not obligatory part of your business network, demanding an arbitrary amount of investments. People would only spend 4% of their IT budget on security because there was 4% allocated for ‘additional needs'.
Because of this, the industry just sold utilitarian products that worked with more or less any company servers and computers. The only difference between offerings was the number of endpoints and servers which needed protection, or for which budget was available.
Back then, the answer to the question "what is cybersecurity" was simple: cybersecurity is the software you buy to protect your IT infrastructure from malware. However, the modern business environment – at least when it comes to large enterprises – is transforming and so should the cybersecurity industry.
Today we live in an ultra-connected world. In an era of digital economies, where technology has become deeply entrenched in our lives, modern and efficient IT infrastructure is an integral part of any profitable business. When a business thinks about what kind of IT infrastructure it needs, it doesn't consider how to apply it efficiently, but rather what business goals can be achieved with the technology.
In other words, businesses know exactly what objectives they are aiming at. They want to use the right tools. But, more than that, they are looking for experts to demonstrate and explain what should be done in order to achieve their needs; not just someone who will propose a unified solution that (supposedly) fits everyone.
Yes, modern cybersecurity solutions protect from all the major sophisticated cyberthreats. But that's not a killer-feature anymore. Security software is rapidly becoming a commodity. Protection from any kind of cyberthreats is not something that modern businesses are looking for. That is something they already have, so it doesn't solve their cybersecurity challenges.
What would solve them?
The new ultra-connected and digitalized business environment requires a specific approach not just to cybersecurity, but to the very process of accessing cybersecurity. The latter includes not only finding cost-effective security technology that performs well in security tests but also understands what kind of protection a particular business needs. By default, any business has little insight into what specific protection fences they need to build to mitigate emerging attack vectors.
Should a business prepare itself for attempts by Chinese or Russian-speaking hackers? Should they invest considerable money inexpensive solutions that would protect a particular part of the company from disruption? Or is the probability of such an attack so low, that it would be more profitable to have this risk covered by insurance?
Would the NotPetya malware have brought the same amount of damage if the victims had known in advance that – given the global distribution of their business – they should pay more attention to protecting themselves from supply chain attacks?
These and other questions are really hard to answer if you don't have security expertise. On the other hand, as the experts, the security industry must cease to create one single product that addresses the myriad risks each different businesses face.
That is why the cybersecurity industry is moving from a realm of unified boxed products towards expertise-based, business-needs driven, unique solutions. As an industry, we must start to listen more to what clients are looking for, and we must start putting our knowledge about cyber threats into the context our clients are living in. This means creating specific, tailored and unique solutions to protect businesses from the threats they really risk facing. Not those that would have minimal impact on the performance of the core business IT systems and would be difficult to justify from a budgeting perspective.
The cybersecurity industry needs to learn how to minimize risks based on customer's goals and desired results, not the threats that customers should be protected from.
Cybersecurity is no longer just about providing software protection from all possible cyber threats, be it malware, spam or advanced persistent threats (APTs). It is not what you buy, but what you get. Previously, a notification from a security product about malware being caught on an endpoint was a sign that you were protected; proof that you made the right investment. Today, a wisely built IT infrastructure armed with specific protection technologies is astonishingly expensive and not cost-effective. It is pointless cybersecurity. A better indicator of cybersecurity is the fact that you didn't lose a penny due to cyber-incidents in the last quarter.
So, is it realistic to build proper cybersecurity with a limited budget?
Of course, it is. But with one important condition. This budget should be estimated as a result of expert cooperation between a business and an information security vendor. If a company's IT infrastructure is a vital mechanism that ensures the business functions, then the cybersecurity industry is a vaccine to give this mechanism immunity from problems threatening it without causing any side-effects.
Alexander Moiseev is the Chief Business Officer of Kaspersky

Clic here to read the story from its source.