Cyber resilience: implementing smart security to match smart city developments

Cyber resilience: implementing smart security to match smart city developments

Harshul Joshi, Senior Vice President of Cyber Advisory Services at DarkMatter

Governments in charge of hubs of innovation such as Abu Dhabi, Dubai and Singapore are assuming a pro-active response to protecting the public digital infrastructure. Their approach is to safeguard their digital futures from potential harm, says Harshul Joshi, Senior Vice President of Cyber Advisory Services at DarkMatter.

Singapore already enjoys a reputation for being a slick city state, utilising cutting-edge technology to improve the lives of its residents and visitors, and to boost the prospects of businesses based there. As a services hub, connectivity and information exchange lies at the heart of Singapore’s continued success, and it comes as no surprise that digitisation and the fostering of enduring smart city ecosystems is an overarching national imperative.

Singapore recently hosted the Hack in The Box cyber security event, which brought together security researchers and professionals from across the globe, and featured technical training aimed at scoping the cyber risk landscape and assessing what can be done to minimise it.

It is telling just how seriously Singapore takes the integrity of its digital infrastructure given the nation state’s firm position that digitisation is the catalyst to its ongoing development and success. The state also makes it clear that to maintain the viability and vitality of its digital transformation, trust is central, and trust can only be established and maintained through a disciplined and holistic approach to cyber resilience.

Reflective of the heightened awareness of the interconnectivity of digital systems, Singapore is also becoming the educational hub for specialisations based on managing and securing Internet of Things (IoT) environments. One educational institutional in Singapore, for example, offers a Post-Diploma Certificate in IoT Technology, giving students ‘the core knowledge and skills required to engage in the creative development of innovative IoT solutions, with access to state-of-the-art technologies.’

The institution suggests that such skills enable learners to develop disruptive solutions or improve productivity for their organisations, and upon completion, graduates should be able to:

  • Understand architecture and system design of IoT
  • Design and develop smart IoT applications
  • Manage smart IoT projects

Not everywhere in the world is as technologically advanced and tuned-into digitisation as Singapore, though the reality is given the growing interconnectivity of digital systems with little respect for geographic boundaries, the level of cyber security everywhere has to improve. After all, a globally connected network is only as strong as its weakest parts as has been witnessed through the wave of ransomware and other attacks affecting systems across the globe.

In the UAE, which is another country to have actively prioritised its smart environment evolution, authorities there recently announced the deployment of an advanced cyber security network to 35 federal entities with the aim to protect government institutions from advanced persistent threats (APTs).

Coined the Federal Network (FEDNet), the sweeping upgrade was introduced by the UAE’s Telecommunications Regulatory Authority (TRA) and is designed to serve as a common infrastructure for federal entities. The network allows interconnection and data exchange between all local and federal government entities, verifying the pattern of any e-content, whether an email or a website. The system then assesses any suspicious patterns in how the data is dealt with, helping protect against zero day attacks.

This government-led cyber security initiative follows the launch of a cyber security strategy by Dubai earlier this year, aimed at strengthening the city’s position as a world leader in innovation, safety and security, and the management of cyber security risks.

The strategy focuses on five main domains; the first being the cyber smart nation, which aims to raise public awareness on the importance of cyber security, ensuring the development of a society that is fully aware of the potential dangers of cyber crime. The goal of this directive is also to invest in the skills and capabilities necessary to manage cyber security risks among government and private institutions and individuals in Dubai.

The second domain relates to innovation in the field of cyber security, and the establishment of safe and secure cyber space, so as to encourage further innovation in Dubai.

The objective of the third domain is to secure cyber space by establishing controls to protect the confidentiality, integrity, availability and privacy of data.

The fourth domain focuses on establishing and maintaining cyber resilience, ensuring the continuity and availability of IT systems in a digital environment.

Authorities in Dubai believe these objectives can only be achieved through the national and international collaboration among different sectors, and as such the fifth domain is related to cyber security co-operation and information exchange.

It is impressive and formidable that local and federal governments like those of the UAE, Abu Dhabi, Dubai, Singapore, and others are assuming a pro-active stance to cyber securing public digital infrastructure with the view to safeguarding their societies’ digital futures.

DarkMatter’s own research points to a burning requirement to reduce the gap between the pace of innovation powered by digitisation, and the extension of cyber resilience to networks and devices in a much more rigorous fashion.

According to a DarkMatter survey employees ranked the rising sophistication of cyber attacks as the leading challenge to enterprise security

According to a recent survey conducted by the firm, private sector and government employees ranked the rising sophistication of cyber attacks as the leading challenge to enterprise security in the foreseeable future, according to a survey of over 1,500 respondents. 28% of private sector employees and 35% of government employees ranked this factor as the single greatest challenge facing enterprise security out a list of nine issues.

Private sector employees went on to rank a lack of budget and the requirement to manage security in a 24/7 live business environment as the second- and third-placed challenges facing enterprise security going forward, with government employees identifying the very same challenges, only in reverse order.

The survey showed that 59% of private sector respondents believe their organisations experience multiple material cyber security incidents on an annual basis, with a further 22% of respondents stating they were unsure whether their organisations did so or not. Given that organisations regularly face cyber incidents, or even breaches that they remain unaware of, it would be reasonable to expect that the number of organisations to have suffered some type of cyber security incident is significantly higher than survey participants’ estimates.

In findings that run contrary to the expanding threat surface of the modern cyber security landscape, 67% of private sector respondents and 78% of government employees said they believe cyber defences are effectively keeping up with the expansion of cyber threats. We believe this outlook may explain why, despite organisations globally spending billions of dollars a year on cyber security defences, the number and impact of cyber breaches continues to rise drastically.

Within our survey, across private sector and government employees, over 30% of respondents said they perceived spending on cyber security within their organisations as being partly a cost and partly an investment, rather than being completely one thing or the other. 17% of private sector respondents considered organisational spending on cyber security as a cost to the business, while almost 30% considered it an investment – results that were widely echoed in responses from government employees.

We believe in order to preserve the fantastic gains made by digital transformation, cyber security needs to be elevated to cyber resilience, which relates to the adoption of a security life-cycle spanning the planning, prevention, detection and protection, and response to cyber incidents on a continuous and real-time basis. Organisations need to assume a state of breach and develop processes and invest in capabilities to mitigate any incidents that may arise.

Lying at the heart of cyber resilience in digital environments is trust; the notion that the identity of parties to a transaction, and the information they exchange can be vetted, verified and secured while in transit or at rest.

Browse our latest issue

Intelligent CISO

View Magazine Archive