Dr. Demet Karaali, Head of IT – Product Development and Production, Daimler Truck Asia
I would rate the below four challenges as major ones that impact the cyber security space that our team is currently working upon.
Internet of Things and Cloud security
The more devices we connect and network, the more potential doors and windows exist that attackers can use to get in and access our data.
IoT devices – ranging from smart wearables to industrial machinery – have often proven to be a concern for the cybersecurity team. This is because, as they are not often used to store sensitive data directly, manufacturers have not always been focused on keeping them secure with frequent security patches and updates. The security concerns start right from the manufacturing or assembling of the IoT devices until the production line or machinery where they are used.
More organizations move towards cloud computing due to various advantages in terms of operations, flexibility, and services being offered. At the same time, the degree of challenge increases too. Especially APIs are more prone to attack, and they are an easy entry point for hackers. The other one is access management, which gives tough times for many organizations.
Most of the time OEMs make sure that they have security-related solutions that make their production line run without line stoppage. It is equally important to make sure, that parts get supplied to the assembly line from Suppliers. Recently, Tier 1 and Tier 2 suppliers are affected by attacks that completely stop their production or make their data available on the dark web. This has a serious impact on OEMs as well.
Consider a scenario, where an employee is attending a call from a popular coffee shop in Tokyo. He connects to the free Wi-Fi and attends the critical call. Might look like a normal one, but it has many challenges as your company device is connected to a free public network.
“We have created a Cyber Security Awareness platform, where users can attend quizzes, self-access their knowledge on Cyber Security, and get trained on scenario-based training.”
Employees unwittingly fall victim to phishing attacks, were attackers trick users into divulging passwords. With more people working remotely, it is increasingly likely we may find ourselves working in teams where we do not know each other as well and are at risk of falling for impersonation frauds. It also enables ransomware attacks, where software is injected into networks that erase valuable data unless users pay a ransom to attackers.
Building A Security-Aware Culture
Every Organization has to ensure that it is working towards initiating and fostering a culture of awareness around cybersecurity issues. Today, it is no longer good enough for employers or employees to simply think of cybersecurity as an issue for the IT department to take care of. Developing an awareness of the threats and taking basic precautions to ensure safety should be a fundamental part of everyone’s HR goal in 2023.
Some Of the Major Predicaments in the Cybersecurity Space
Artificial Intelligence (AI) Enabled Hacking
Machine learning algorithms can examine the vast amount of data moving across networks in real-time far more effectively than humans ever could and learn to recognize patterns that indicate a threat. Unfortunately, AI, hackers, and criminals are growing increasingly proficient at using it too.
AI algorithms are used to identify systems with weak security or that are likely to contain valuable data among the computers and networks connected to the internet. It can also be used to create large numbers of personalized phishing emails designed to trick receivers into divulging sensitive information and become increasingly good at evading automated email defense systems designed to filter out this type of mail.
Visibility To Threats Inside the Network
The endpoint detection mechanisms, security monitoring functioning, and detecting malicious activity in our network promptly invoke the right response. All these are like running 24×7 and 365 days.
With the pace of vulnerability identification and exploit development, it is difficult to keep defenses current and know for certain that we can thwart all attacks. That is why it is important to regularly test our processes and tools to make sure that we can prevent or detect of-the-moment attack techniques.
Anticipating What Users Will Do
Predicting the unpredictable. There’s more that users will do. They click links and post on social media. We do not know when our users will be targeted and fall victim to a phishing attack. Scenario-based pieces of training and awareness are being executed. But it has become a never-ending action. The awareness started yearly, then monthly. now, we do it weekly.
We need to anticipate the worst and be ready for prevention. We need to make sure our organizational cultures allow and incentivize users to be vigilant and empower them to challenge authority and slow things down when something smells phishy.
Technological Trends which Excite Me for the Future of the Cyber Security Space
Artificial Intelligence or Machine Learning is the future of cybersecurity.
Machine learning has the potential to help organizations not only detect threats but also mitigate them before they have any little chance to impact their operations.
AI (Artificial Intelligence) is an umbrella term for technology that mimics human cognition. AI can be used to automate tasks in a wide range of fields, including cybersecurity.
Artificial Intelligence and the future of cybersecurity are connected so tightly, as AI will have a huge impact on cybersecurity. The greater the amount of data generated, the greater the number of cyber threats. As a result, we are finding it increasingly difficult to keep up.
AI has the potential to improve many aspects of cyber security, including incident response, creating awareness, malware detection, and so on.
Tech-Enabled Security Awareness
We have created a Cyber Security Awareness platform, where users can attend quizzes, self-access their knowledge on Cyber Security, and get trained on scenario-based training.
Ex- An employee on the shop floor can learn all the possible use cases related to security on the shop floor. Similarly, a program developer can learn about secure communication to APIs exposed in our cloud.
This helps in addressing user-specific pieces of training or awareness, which is not common for all types of users in an organization. Also, we can concentrate on what information is shared, which is very critical for the set of users to know.