Using the power of cooperation to defeat cybercrime
Philippe Letellier
ITEA Vice-Chairman
Pierre Barnabé
Senior Executive Vice-President, Head of Big Data & Cybersecurity
Vasco Gomes
Global CTO for cybersecurity products, senior expert and member of the Scientific Community
Posted on: 9 June 2020
Cybercrime is an ever-growing issue in an expanding and increasingly accessible digital world, where any chink in the armor can be an Achilles’ heel for business operations, anywhere and at any time. As with digital transition matters, Research & Development & Innovation (R&D&I) cooperation should be implemented to block the cyberattacks that threaten our digital society, to act as a kind of guardian angel and offer sage and easy-to-use cybersecurity.
In view of the steady growth of cybercrime and its increasingly real threats and impact, the need to be informed and prepared to deal with the risks that are posed cannot be overstated, from disruption in the supply chain to spying and data theft. In fact, whatever security issues you find in the real world can also be found in the digital world.
Phases of cyberprotection
“Cyberprotection can be seen in terms of phases,” says Pierre Barnabé. “The first was denial, at the start of the 2010s when many thought of cybercrime as a problem for others, and then came the second phase – raised awareness – that we are coming to the end of today.” This period of ‘alertness’ has seen IT security spending among companies and organizations rise from 2-3% to 7% of budget, and it is believed this will continue up to 10% by 2023. As organizations become more reliant upon digital ecosystems, their security posture takes on added weight.
“Now we are entering the third phase, which is dynamic protection and cooperation.”
This new phase is really a turning point because in such a sensitive situation the willingness to cooperate could be undermined by proprietary business interests. This is where the ‘bubble of trust’ is a key and decisive concept. Atos is part of a Charter of Trust in which more than 20 large corporations such as IBM, Siemens, NEC and others confidentially share information on cyberattacks with each other. What this means is that by cooperating, the protective wall is reinforced and the strength of the many reduces the opportunity of the few. Cybercriminal organizations tend to compete rather than work with each other. As Pierre explains, “there’s a lot of information available to cybercriminals on the Dark Web, for example, so by working with your business partners with the bubble of trust, you can close doors, and fill in gaps and cracks that might otherwise be penetrated by the wrong people.”
Cybercrime is big business
Another real risk lies in the chain of subcontractors and suppliers. Take a company like Airbus, which has a seat supplier that purchases upholstery materials from one supplier and screws from another – there could be many layers involved. If just one supplier is compromised, the implications could be devastating.
As an illustration, in July 2018, Gartner predicted that “by 2022, security ratings will become as important as credit ratings when assessing the risk of business relationships.” Ensuring protection all through the supply chain demands a huge effort but, as Pierre emphasizes, “the more we create the bubble of trust and collaborate, the higher we can raise the bar in our cybersecurity.” The revenue of cybercriminals is growing by 15-20% each year, so it’s an attractive business to be in. It has a GDP bigger than that of Saudi Arabia and ‘employs’ some very highly-paid clever people – sharp and agile young minds who are capable of designing highly complex attacks.
In the market of crime, cyber is worth more than all the crime sectors together, including drugs, prostitution and extortion. “And then I come to my fourth phase,” Pierre says, “and that is the legal framework for prosecuting cybercriminals. Although that’s still a few years away, it is something that is worth thinking about today. Can you think of anyone who has yet been imprisoned for cyberextortion?”
One-upmanship
Risks also come in the shape of objects in the Internet of Things world. Currently most are low-level objects that lack the capacity and storage for ‘spying’ or ‘damage’ but in the future more complex objects like robots could become targets for cybercriminals. Whether this is a CPU in a vehicle or a robot in a factory or in the home, the consequences of a ‘bad robot’ could be devastating.
“To take a very recent example in this time of coronavirus,” adds Vasco Gomes, “a robot is being deployed in the parks of Singapore to monitor physical distancing. Just imagine the chaos a very savvy engineer with a grudge could sow if the robot’s security has an Achilles’ heel.” The questions that arise include: are we adopting too fast, is the product mature enough, are we trying to run before we can walk? Or is it a battle of creators? Attack and defence, who has the better design? Can we infuse more AI into the defence mechanisms? And, just as important, who is prepared to collaborate for the greater good?
Tackling the cybersecurity challenges for our customers
To this end, ITEA and Atos, together with Bosch, Airbus and KoçSistem, decided to initiate an international virtual workshop on Cybersecurity to try to mutually understand what the most urgent and painful challenges are for customers today. “Not,” as Philippe Letellier is keen to point out, “by trying to define any kind of strategy from on high, but by sticking to the reality of the actual challenges faced by businesses.” The aim is to gain greater insight into the key challenges and new trends in cybersecurity with regard to architecture, IoT, AI to enhance security, sovereignty or post-quantum crypto regulation.
Stay tuned for our next blogs where we will be presenting the workshop’s main findings.