Egypt's FM seeks deeper economic, security ties on five-nation West Africa tour    Famine kills more Gaza children as Israel tightens siege amid global outrage    Kuwait's Crown Prince, Egyptian minister discuss strengthening cooperation    Egyptian Drug Authority discusses plans for joint pharmaceutical plant in Zambia    Egyptian Countryside Development chief discusses cooperation with Italian ambassador    CIB completes fifth securitisation issuance for B.TECH worth EGP 859.4m    Madbouly reviews legalisation of newly annexed lands to new cities, housing offerings    Nigeria endorses El-Anany for UNESCO amid closer economic links with Egypt    Roche helps Egypt expand digital pathology and AI diagnostics    Two militants killed in foiled plot to revive 'Hasm' operations: Interior ministry    Egyptian pound shows stability in Sunday trading    Egypt foils terrorist plot, kills two militants linked to Hasm group    Egypt exports 175K tons of food in one week    Egypt, Somalia discuss closer environmental cooperation    Egypt's Health Minister reviews upgrades at Gustave Roussy Hospital    Giza Pyramids' interior lighting updated with new LED system    Egypt's EHA, Huawei discuss enhanced digital health    Egypt's EDA explores pharma cooperation with Belarus    Egypt expresses condolences to Iraq over fire tragedy    Foreign, housing ministers discuss Egypt's role in African development push    Korea Culture Week in Egypt to blend K-Pop with traditional arts    Egypt, France FMs review Gaza ceasefire efforts, reconstruction    CIB finances Giza Pyramids Sound and Light Show redevelopment with EGP 963m loan    Egypt, Uruguay eager to expand trade across key sectors    Egypt reveals heritage e-training portal    Three ancient rock-cut tombs discovered in Aswan    Sisi launches new support initiative for families of war, terrorism victims    Egypt expands e-ticketing to 110 heritage sites, adds self-service kiosks at Saqqara    Egypt's Irrigation Minister urges scientific cooperation to tackle water scarcity    Palm Hills Squash Open debuts with 48 international stars, $250,000 prize pool    Egypt's Democratic Generation Party Evaluates 84 Candidates Ahead of Parliamentary Vote    On Sport to broadcast Pan Arab Golf Championship for Juniors and Ladies in Egypt    Golf Festival in Cairo to mark Arab Golf Federation's 50th anniversary    Germany among EU's priciest labour markets – official data    Paris Olympic gold '24 medals hit record value    A minute of silence for Egyptian sports    Russia says it's in sync with US, China, Pakistan on Taliban    It's a bit frustrating to draw at home: Real Madrid keeper after Villarreal game    Shoukry reviews with Guterres Egypt's efforts to achieve SDGs, promote human rights    Sudan says countries must cooperate on vaccines    Johnson & Johnson: Second shot boosts antibodies and protection against COVID-19    Egypt to tax bloggers, YouTubers    Egypt's FM asserts importance of stability in Libya, holding elections as scheduled    We mustn't lose touch: Muller after Bayern win in Bundesliga    Egypt records 36 new deaths from Covid-19, highest since mid June    Egypt sells $3 bln US-dollar dominated eurobonds    Gamal Hanafy's ceramic exhibition at Gezira Arts Centre is a must go    Italian Institute Director Davide Scalmani presents activities of the Cairo Institute for ITALIANA.IT platform    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Cybersecurity transformation in 2019 and beyond
Alexander Moiseev Published in Daily News Egypt on 30 - 08 - 2019

I'd like to tell you a short story. When working with a client on its security provision, we discovered that it had only devoted 4% of its total IT budget to cybersecurity. "Let's develop a solution with this 4%," said the client. It was only at that moment that I realized that cybersecurity is often considered as something that does not yet exist. This is a common misconception, and in some ways, this is the fault of the cybersecurity industry.
So what is cybersecurity?
For a long time, the cybersecurity industry has been doing what customers needed: offering products to protect them from existing threats targeting their networks. Moreover, customers were ready to pay for it, and this is more than logical – if there is a problem, people are ready to pay for a solution. But, as a result, the industry has made no effort to provide customers with a clear understanding of what cybersecurity actually is. Protection of information systems was perceived as adding layers into the system architecture: build an IT infrastructure, put some security on top and you'll be fine. IT was something that would speed up and simplify a few business processes, but not yet the backbone of business infrastructure.
Competitiveness, as well as effectiveness and profitability, did not depend on IT. As such, cybersecurity was considered as an optional not obligatory part of your business network, demanding an arbitrary amount of investments. People would only spend 4% of their IT budget on security because there was 4% allocated for ‘additional needs'.
Because of this, the industry just sold utilitarian products that worked with more or less any company servers and computers. The only difference between offerings was the number of endpoints and servers which needed protection, or for which budget was available.
Back then, the answer to the question "what is cybersecurity" was simple: cybersecurity is the software you buy to protect your IT infrastructure from malware. However, the modern business environment – at least when it comes to large enterprises – is transforming and so should the cybersecurity industry.
Today we live in an ultra-connected world. In an era of digital economies, where technology has become deeply entrenched in our lives, modern and efficient IT infrastructure is an integral part of any profitable business. When a business thinks about what kind of IT infrastructure it needs, it doesn't consider how to apply it efficiently, but rather what business goals can be achieved with the technology.
In other words, businesses know exactly what objectives they are aiming at. They want to use the right tools. But, more than that, they are looking for experts to demonstrate and explain what should be done in order to achieve their needs; not just someone who will propose a unified solution that (supposedly) fits everyone.
Yes, modern cybersecurity solutions protect from all the major sophisticated cyberthreats. But that's not a killer-feature anymore. Security software is rapidly becoming a commodity. Protection from any kind of cyberthreats is not something that modern businesses are looking for. That is something they already have, so it doesn't solve their cybersecurity challenges.
What would solve them?
The new ultra-connected and digitalized business environment requires a specific approach not just to cybersecurity, but to the very process of accessing cybersecurity. The latter includes not only finding cost-effective security technology that performs well in security tests but also understands what kind of protection a particular business needs. By default, any business has little insight into what specific protection fences they need to build to mitigate emerging attack vectors.
Should a business prepare itself for attempts by Chinese or Russian-speaking hackers? Should they invest considerable money inexpensive solutions that would protect a particular part of the company from disruption? Or is the probability of such an attack so low, that it would be more profitable to have this risk covered by insurance?
Would the NotPetya malware have brought the same amount of damage if the victims had known in advance that – given the global distribution of their business – they should pay more attention to protecting themselves from supply chain attacks?
These and other questions are really hard to answer if you don't have security expertise. On the other hand, as the experts, the security industry must cease to create one single product that addresses the myriad risks each different businesses face.
That is why the cybersecurity industry is moving from a realm of unified boxed products towards expertise-based, business-needs driven, unique solutions. As an industry, we must start to listen more to what clients are looking for, and we must start putting our knowledge about cyber threats into the context our clients are living in. This means creating specific, tailored and unique solutions to protect businesses from the threats they really risk facing. Not those that would have minimal impact on the performance of the core business IT systems and would be difficult to justify from a budgeting perspective.
The cybersecurity industry needs to learn how to minimize risks based on customer's goals and desired results, not the threats that customers should be protected from.
Cybersecurity is no longer just about providing software protection from all possible cyber threats, be it malware, spam or advanced persistent threats (APTs). It is not what you buy, but what you get. Previously, a notification from a security product about malware being caught on an endpoint was a sign that you were protected; proof that you made the right investment. Today, a wisely built IT infrastructure armed with specific protection technologies is astonishingly expensive and not cost-effective. It is pointless cybersecurity. A better indicator of cybersecurity is the fact that you didn't lose a penny due to cyber-incidents in the last quarter.
So, is it realistic to build proper cybersecurity with a limited budget?
Of course, it is. But with one important condition. This budget should be estimated as a result of expert cooperation between a business and an information security vendor. If a company's IT infrastructure is a vital mechanism that ensures the business functions, then the cybersecurity industry is a vaccine to give this mechanism immunity from problems threatening it without causing any side-effects.
Alexander Moiseev is the Chief Business Officer of Kaspersky

Clic here to read the story from its source.