Requirements for IT security products
The need for security in IT is greater than ever – this was evident at the TeleTrusT member conference. However, there are consistent requirements that IT security products need to meet for successful implementation in businesses and effective application by users. Ease of use for end users is important for such products; ideally, it should be possible to integrate them into familiar work environments so that users do not have to adapt to any major changes or need much time to get used to them. Encryption is high up on the list of priorities as well. However, while companies know that there is an increasingly urgent need to act and are willing to take measures in this regard, encryption is still not used across the board. The effort required for installation, employee training, and implementation in companies is among the reasons why solutions for easy and secure encryption are not yet being used sufficiently.
Protecting secrets and protecting intellectual property
Members of the conference agreed unanimously that IT security will play an even more critical role in the future. Through digitisation and its transformative nature, a new culture of security is necessary and will gradually come into being. Protecting secrets and intellectual property from industrial espionage, for instance, is already enormously important for businesses, but GDPR (General Data Protection Regulation) has not sufficiently addressed those issues. Regulation is not supposed to focus merely on punishing violations, but more on obliging companies by legislation to keep control over their data. This would ultimately benefit the companies themselves: today, IT security is of great relevance and is looked at very closely in critical business activities; in the future it will be even more at the forefront.
Cyberattacks: critical infrastructures and suppliers in the crosshairs
It is expected that cyberattacks on industrial control systems (ICS) will increase massively in the future and will no longer be primarily limited to areas with less protection. In particular, critical infrastructures for IT and confidential and sensitive data from authorities and large and medium-sized companies across all markets will more frequently come under APT (Advanced Persistent Threat) attacks. That critical IT infrastructures are in the sights of hackers was demonstrated only recently by a cyberattack on a German hospital. There have been many proven incidents elsewhere in the world.
Supply chain partners play an increasingly important role in security breaches and data leaks, since they are often less well-equipped regarding IT security and therefore present easier targets for attacks. In this way, they serve as gateways for cyberattacks on larger companies. In cybercrime and industrial espionage, data, for example from e-mail correspondence, is frequently collected and subsequently analysed. To prevent this, smaller companies that function as suppliers need to take stronger measures to protect their data. Some vendors already provide solutions for this, where companies enable third parties to communicate securely by extending their capability to their supply chain.
Another topic at the conference this year was AI (Artificial Intelligence) and its place and use in IT security. The goal will be for AI to be able to independently and proactively detect irregularities in processes and, where necessary, intervene in a protective manner. IT security experts are also going to benefit from AI’s capability to process immense amounts of data; they will become faster in their work and therefore be able to react to IT security risks more effectively, releasing the true value of that data for the purpose it was intended.
Thanks to TeleTrusT for organising and hosting this year’s member conference. We had many fruitful discussions and came away with a lot of food for thought!