Cloud Hosting

Cyber security, surveillance and data storage are all sectors seeing spectacular growth. But in an increasingly tense and complex world - how secure should CEOs really feel?

Life in our internet-enabled, hyper-connected world can feel scary at times. In the last few years, we've seen a rise in geo-political tensions and reports of cyber hacks and attacks seem to occur with alarming regularity.

The job of staying safe now means much more than locking our doors at night, and for the bosses of the world's biggest companies - doing business securely has become more complicated than ever.

Throughout 2023, government privacy and protection regulations are predicted to reach more than 5 billion citizens.

Compliance with the latest data protection laws across different countries can require intricate and exhaustive planning.In fact, government regulations requiring firms to provide consumer privacy rights are estimated to cover more than 70% of global GDP.

Cyber Security expert and Managing Partner at SBS, Augusto Coriglioni,is on the front line of the fight to fend off digital threats.

Euronews asked him to describe what CEOs and their security teams are dealing with day to day.

"Generally speaking, cyber security is safe enough. Even if we are to say that cyberspace is limitless. Back to real life, [daily] life, we have to say there are thousands of attacks and accidents every day. Also, there are some others which are detected but are not reported by companies or authorities because they do not want to create panic or misinformation for their users," he explained.

"But it is also very important to understand there are some other kinds of attacks where they enter your system and stay silent for information,"Coriglioni added.

Governments also have a huge role to play in keeping us safe. Euronews spoke toAir Commodore Mark Biggadike, who was the UK Senior Representative for the FIFA World Cup 2022, andCaptain Talal Burshaidfrom the Qatari Emiri Air Force to find out how teamwork between different countries helped everyone stay safe during last year's FIFA World Cup in Qatar.

"Bringing in the other partner nations the United States, Italy, France, Turkey and Pakistan as a group we worked extremely well together. Qatar were very welcoming and open and I think that really helped in establishing a very effective security operation, keeping the event safe, secure and successful," saidAir Commodore Mark Biggadike.

"I think the military, particularly the royal air force has always had a close relationship with business and technology specifically. So, I see that only increasing as we get more complex technologies and we incorporate those into our assets. I think defence engagement is a growth area for us, we are very keen as [the] UK to work with our international allies and partners on these sorts of projects so I think its only going in one direction."

"Over many years we collaborated and worked with a number of global security partners to ensure we would be ready to host the World Cup and now it has successfully passed, all of the knowledge sharing that occurred and the experiences that were also shared will always be applied in future references in hosting any global events and any sporting events," explainedCaptain Talal Burshaid.

Its not only big businesses and governments that need to adapt to the challenges of cybersecurity. In the modern-day virtual world, members of the public also must take precautions in order to ensure they are safe whilst they surf the net.

Laurie Maclachlan from the multibillion-dollar tech company, Launch Darkly, told Euronews that even though people might be concerned, there is a huge amount of security protocol in place to combat these problems.

"I think they are quite right to be concerned, absolutely. But I think with the evolution of the cloud has come the introduction of a huge number of different safety checks and protocols adherence to data protection laws for example. They still have a choice. They certainly dont need to consume all of their services. Certainly, if 94% of all businesses are using the cloud, that tells you there is a huge amount of safety built into everything which is delivered by the cloud," LaurieMaclachlan explained.

The business of keeping us safe is booming. Decisions about our safety whether in the corporate boardroom or the cockpit of an aircraft are being made with millions of data simultaneously. It's this state of constant connection that creates the commercial opportunity - but with 5 billion people now protected by some kind of data regulation - scrutiny of those we trust to keep us safe has never been greater.

Pharmaceutical giant, Johnson & Johnson, is set to publish its first quarterly earnings of 2023. In the aftermath of the Covid-19 pandemic, pharmaceutical companies are seeking alternative methods of keeping revenue high with Johnson and Johnson pinning hopes on a new drug to treat the Dengue virus which if successful, could be ground-breaking in tackling the disease.

From Pharma Giants to Banking giants, JP Morgan is also set to unveil their first quarterly results of the year. The American banking behemoth will publish its results during a time of concern for the US banking system with the collapse of SVB.

And will it be refreshing news for Coca-Cola shareholders as they meet this week for their first annual conference of the year? The soft drink company is preparing to release their quarterly results after a strong finish to 2022. Their shareholders will be hoping that their stock market performance continues to sparkle.

See more here:
Cyber security: An insight into the business of keeping people safe - Euronews

Gartner projects that spending oninformation security and risk managementproducts and services will grow 11.3% to reach more than $188.3 billion this year. But despite those expenditures, there have already been at least 13 major data breaches, including at Apple, Meta and Twitter.

To better focus security spend, some chief information security officers (CISOs) are shifting their risk assessments from IT systems to the data, applications, and processes that keep the business going.

If you look at security from a purely technical perspective, its easy to get lost in, `I need to have this shiny object because everyone else has it, says David Christensen, VP and CISO at benefits administration software provider PlanSource. The reality is often the most popular or well-known new security solution can waste money and slow the business, especially if it doesnt align with business goals. And even if it helps secure one part of the business, it may not be the part of the business or business process that creates the most risk or is most important.

Don Pecha, CISO at managed services provider FNTS, agrees, adding: Each business unit of the company might have unique considerations, and unique compliance, regulatory, or privacy applications, and each business may have unique risks for the board or C-suite to consider.

Frank Kim, CISO-in-residence at venture capital firm YL Ventures, and fellow at the SANS Institute, cites the case of one CISO who was fired after suggesting costly endpoint detection, and response and incident response programs considered not stage appropriate for such a startup. Their focus was on survival and revenue growth, Kim says. He didnt realize his job was not just to suggest a bunch of new security capabilities, but business enablement.

Aligning security with the business goes beyond traditional methods of justifying security spend, such as warning of consequences from hacks or trying to prove ROI. For internal enterprise security teams, Kim says to accept that security is a cost center and demonstrate how the CISO manages total cost of ownership over time. This might include updating CFOs and CEOs on specific cost reduction, such as reducing spend with a security vendor, finding a less expensive product to fill a security need, or improving internal metrics such as the average cost to mitigate a vulnerability, adds Tyson Kopczynski,SVP and CISO at financial services provider Oportun.

Christensen further suggests explaining how security can cut costs or increase productivity. For example, he says, web application firewalls dont only protect applications but cut networking costs by reducing spurious and malicious traffic. Also, adopting zero-trust architecture and secure access service edge technologies can help boost productivity by freeing users from manually deploying virtual private networks to access resources or interrupt meetings when their VPN fails.

Kopczynski adds that CISOs can uncover such improvements with questions such as whether their organization is using all the functions in a security tool, if those features overlap with other tools, and whether the organization is paying too much for licenses or for too many licenses. Ways to maximize value include considering tools that perform multiple security functions, or running penetration tests, attack simulations, or offensive security campaigns that prove a tool can repel high impact attacks, he says. For example, he uses the Titaniam encryption engine to support several data protection use cases, as well as security tools provided by cloud providers such as Amazon and Microsoft. We also look at generic cloud security solutions that provide multiple sets of protections, versus addressing one particular use case, he says.

At global marketing agency and consulting firm The Channel Company, security considerations are deeply embedded in business strategy and budgeting, says CIO Rik Wright. This ranges from the need to meet the European Unions GDPR to complying with security requirements from customers.

Averting threats is also part of the security value equation at the firm, which uses managed services provider GreenPages both for infrastructure and to help meet its security needs. Wright says hes seen some companies spend potentially business threatening amounts up to $20 million after a ransomware attack, so preventing such losses, he says, represents very real value.

Aligning security spend with business needs starts with understanding what is most important to business managers.

Kim recommends using a risk = impact x likelihood formula, and understanding on a scale of 1 to 10 what your most important processes and assets are. Your financial data might be a 10 but your HR data might be a seven as its not a business differentiator, he says. Just using a simple scoring rubric to your risk calculation helps to bubble up what the priorities are.

Besides business, Christensen says CISOs must also consult IT to understand the administrative burden a new security technology might impose, and all the areas in which a security tool could be used to maximize its value. He uses the Secure Web Gateway from dope.security to not only control access, but to understand what information and Web sites users are accessing, and the potential risks they expose the business to.

Industry standard frameworks can also provide a common language and structure for risk assessment, like the NIST (National Institute of Standards and Technology) cybersecurity framework. Its simple enough that its not necessary to be a security practitioner to understand it, but it models your maturity and helps to relate that to business stakeholders, says Christensen, adding its also based on industry standards rather than the CISOs opinions, and is continually updated to reflect new risks.

Different security frameworks are best for different industries, says Pecha. If Im in government, Im going to align with NIST, he says. If youre a global business, use the ISO/IEC27000 family of standards. Its not necessary to be certified, but be compliant and understand what the controls are in order to understand your partners security needs as well as your own.

Scott Reynolds, senior security and network engineering manager for manufacturer Johns Manville, uses the ISA/IEC 62443 standard to create a common understanding between business managers, security experts and suppliers about common terms such as the zones of assets that share common security needs. This process also shows we agree on the same level of risk for the entire zone, and not just each asset in the zone, he says. The weakest link in the zone will impact all the assets within it.

Over at media creation and editing technology provider Avid Technology, Dmitriy Sokolovskiy, its CISO and CSO, uses NISTs Cybersecurity Framework to measure the maturity of his security processes, and the Center for Internet Securitys top security controls for specific tactical guidance,which, he says, highlight, low-hanging fruit that businesses can easily address in their infrastructure.

Several CISOs were skeptical about using benchmarks to compare their security spend with others. Thats because, they say, companies may define security spend differently or have different needs. They also say benchmarks often dont describe how and why organizations allocate their security budgets. As a result, they use benchmarks as a rough guide to budgeting, relying primarily on their own risk assessments.

But Kim warns CISOs against refusing C-level requests for benchmarking. Its not unreasonable to ask for a benchmark, he says. A chief financial officer couldnt say, We cant compare our earnings-per-share with others in the industry. Provide benchmarks, he says, but as one part of a wider explanation of how your security spend compares with others, the challenges the organization faces, and how youre reducing the total cost of ownership of security over time.

CISOs should describe current threats and attacks, says Pecha, and supply alternatives to remediate them. Its then up to the board and the C-suite to decide whats acceptable and what needs to be done to manage the overall risk to the business, he says, because only they have the clout to drive change.

Insisting a business executive formally accept a business risk, even in writing, often convinces them to agree instead to the proposed security spend. When Sokolovskiy has insisted such signoff, Without fail, so far the business unit was actually driven to lower the risk themselves because they own it, he says.

A business-focused approach can also spur efforts by security and business teams to identify opportunities to increase efficiency and save money, says Christensen, such as by eliminating redundant systems and processes. With business alignment, you have no choice but to find unique and innovative ways to solve problems that are generated by how the business operates, he says.

Read more:
Why IT leaders are putting more business spin on security spend - CIO

The MoU will boost cooperation between the two players in various areas, with the aim of co-developing solutions in specific technology fields such as quantum cryptography, the green transition and secure solutions for logistics and transportation markets

Leonardo, one of the worlds leading players in the Aerospace, Defence & Security sector, and Cisco Systems, a global leader in the networking and IT sectors, have signed a Memorandum of Understanding (MoU) with the aim of scaling up their mutual business relations and launching a structured collaboration in the civil and defense industry domains.

Within the framework of the MoU, activities will be carried out with the aid of dedicated working groups to periodically and jointly identify business opportunities and areas of technical cooperation that can meet market demands, particularly in the sectors of cyber security, secure networking, Internet-of-Things, the digital workplace and cloud edge computing.

Amongst other things, the agreement provides for the development of potential integrated solutions based on the two players specific and distinctive technological capabilities, with a view to proposing appropriate solutions for market needs. Detailed roadmaps will be drawn up for specific technology areas, such as quantum cryptography, the green transition and security solutions for logistics and transport, enabled using drones and advanced urban security systems.

The MoU also embraces the possibility of joint commercial offerings, via a process of analyzing existing products and solutions aimed at national and international markets, in order to broaden the business opportunities and the audience of potential customers for both players. Finally, under the agreement, Leonardo and Cisco commit to guaranteeing each other reciprocal commercial advantages on proposals previously identified by the two companies that will be finalized in a series of strategic programs.To optimize the joint activity governed by the MoU, a steering committee will be set up to monitor the progress of the partnership and evaluate the overall performance of the collaboration. In turn, the steering committee will set up specific working groups to concretely pursue the joint business opportunities that have been identified.

****

Leonardo, a global high-technology company, is among the top world players in Aerospace, Defense and Security and Italys main industrial company. Organized into five business divisions, Leonardo has a significant industrial presence in Italy, the United Kingdom, Poland and the USA, where it also operates through subsidiaries that include Leonardo DRS (defense electronics), and joint ventures and partnerships: ATR, MBDA, Telespazio, Thales Alenia Space and Avio. Leonardo competes in the most important international markets by leveraging its areas of technological and product leadership (Helicopters, Aircraft, Aerostructures, Electronics, Cyber & Security Solutions and Space). Listed on the Milan Stock Exchange (LDO), in 2021 Leonardo recorded consolidated revenues of 14.1 billion and invested 1.8 billion in Research and Development. The company has been part of the Dow Jones Sustainability Indices (DJSI) since 2010 and has been confirmed among the global sustainability leaders in 2022. Leonardo is also included in the MIB ESG index.

Cisco (NASDAQ: CSCO) is the worldwide leaderin technologythat powers the Internet. Cisco inspires new possibilities by reimagining your applications, securing your data, transforming your infrastructure, and empowering your teamsfor a global and inclusive future. Discover more onThe Networkand follow us on Twitter at@Cisco.Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Ciscos trademarks can be found at http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

Press contacts:

Leonardo

Tel: +39 06 32473313

leonardopressoffice@leonardo.com

CISCO

Tel: + 39 02 91339811

pressit@external.cisco.com

Follow this link:
Leonardo and Cisco partner up to develop joint technology projects - Leonardo