You return home and find a window open. You look around and discover that you have been the victim of a break-in.
But is crime still going on? Is the intruder still there and what is the objective?
That’s exactly what companies must decide when they detect hacking underway. There may be good reasons to observe the crime under way---and also good reasons to stop it.
Stanislas de Maupeou, Cybersecurity expert at Thales
He says, “The problem is often that companies don’t detect cyberattacks until information has been stolen or destroyed and when information systems themselves have been damaged. That’s because they have not prepared for the inevitable and at a time when more data is more vulnerable In fact, already today, there are only two types of companies: those who know that they have been attacked and those who don’t until it is too late.”
Cyberattacks are not only damaging for businesses; they can be catastrophic for a military system, de Maupeou points out, “Just imagine cyberattack software placed to ‘sleep’ in a arms system and made remotely actionable by your adversary”.
There are four stages of Cybersecurity, de Maupeou, explains:
- Cybersecurity by Design. ”Safeguards should be built-in from the beginning in the computer systems architecture. It’s similar to constructing a building with firewalls to stop a physical fire from spreading .Defence systems must be made fail-safe. The system must be continually tested because hackers are constantly creating new techniques.”
- Detection combined with Cyberthreat Intelligence. “We need to identify the threats in advance and to detect the attacks as soon as possible that means before the main consequences. This means identifying all possible sources and types. With the Digital Transformation spreading, both the number and variety of sources of attacks is increasingly exponentially. The Internet of Things, for example, creates many more ‘doors’ for hackers to find. So Big Data Analytics and AI are essential tools to make sense of the huge data flows to detect, analyse, and react in time. Experts need to be called in because few organizations have the in-house specialized capability”
- Incident Response. “Once an attack has occurred, it’s really too late; getting ready for an attack is the only defense. So testing the response system is a must. To prepare for an attack, you need to understand what type of attack is occurring, where it has hit, and its consequences. It’s true crisis preparation that needs to be done. It’s a natural complement to the Detection stage preparation.”
- Remediation. “Our Rapid Reaction teams apply cyber-forensic techniques to determine precisely what has happened and reconstruct the system to avoid it happening again. The Thales teams are available on a 24/7 basis and are certified by national authorities for critical infrastructure intervention. This assures the proper methodology with trained specialists at a time when there is a shortage of experts”.
Throughout the entire process, Thales applies its expertise not only in Cybersecurity but also in Connectivity, Artificial Intelligence and Big Data Analytics.
Stanislas de Maupeou concludes, “No organization is immune at a time when more data is at more risk. So, with Cybersecurity, the old adage has never been as critical to practice: ‘An ounce of prevention is worth a pound of cure’”.