People browsing their digital devices. Security is something which is to be considered when expanding a network. The only thing people used to worry about was burglary and fire, etc. Now, everything is connected and accessible over a network. Image Credit: Supplied

Dubai: The internet was not created with security in mind; it was built purely for connectivity. Its original design accounts primarily for data to be passed from one host server to another along a wired network.

But now the same internet is used by criminal organisations, which have already made billions and appear to be re-investing to develop new and more sophisticated malware and viruses to steal information and cause damage. The threat posed by the internet seems to grow worse each year.

Hackers once attacked only computers, but now they are threatening banks, governments, Hollywood studios, power grids, etc.

“Everything on the internet was built with performance, not security, in mind. One little mistake is all it takes for the bad guy to get in,” said Kalle Bjorn, Director of Systems Engineering for Middle East at Fortinet.

He said that some “additions” could be made to bring security into the internet. Security is the other side of connectivity.

He said that when you look at the internet today, there are not enough resources to scan for threats. “We need much more powerful systems which need to be distributed and managed by multiple parties.

“We need to have security and responsibility at every single level. It starts with the end user, internet service providers, SMBs, enterprises, etc,” he said.

When asked whether a global cybersecurity group or law would help, Bjorn said that it may be difficult to dictate globally but, on the other hand, it will be better for organisations to protect themselves.

Security is something that must be considered when expanding a network. The only things you needed to worry about before were burglary and fire, etc. Now, everything is connected and accessible over a network.

“Now, if you look at the source of the malware, government-backed or government-funded organisations search for zero-day flaws. They discover and keep it to themselves. It is a sort of double standard. On one side, they talk about global security laws and on the other side, some organisations sponsored by the same governments are exploiting the vulnerabilities,” he said.

Maybe there could be something unofficial, something that everybody could adopt, but people will always see somebody doing their own thing and not following the rules. That is human behaviour, he said.

Sebastien Pavie, regional director for enterprise and cybersecurity at Gemalto META, said that it is difficult to have a global cybersecurity law or authority.

In Europe, there is the General Data Protection Regulation (GDPR), which will come into effect on May 25, 2018.

While the originator of data remains the owner, under GDPR anyone who processes that data is also responsible.

Dierk Schindler, Head of EMEA Legal and Global Legal Shared Services at NetApp, said: “As the cloud continues to transform the way we do business, the GDPR is a landmark piece of legislation. It lays the foundations for our data-driven future and provides a strong incentive for all enterprises which process EU citizens’ data to build a robust data privacy compliance framework.”

All companies, including international firms, doing business with individuals located in EU member nation territory must comply with the law. Failure to act quickly to prepare for the regulation could have serious consequences — to an organisation’s bottom line, customer relationships and brand image.

Turkey has its own PPD (protection of personal data) and in South Africa, it is called the Protection of Personal Information Act (Popi).

“There are also large corporations that have put mandates in place in countries and Qatar has a Data Protection Law, Saudi Arabia has its own data protection law based on Sharia and the UAE has the National Electronic Security Authority (Nesa),” Pavie said.

Globally, he said, industry-specific laws can happen: the Dubai Healthcare City and Dubai International Financial Centre (DIFC) free zones in the UAE and the Qatar Financial Centre (QFC) in Qatar, for example, have enacted data protection laws that regulate the processing, storage and transfer of personal data by organisations operating within their specific jurisdiction.

“We need to have a regional governing authority in order to be able to have cybersecurity regulations like GDPR,” he said.

Bjorn said that the biggest challenge for a Chief Information Officer is to be right 100 per cent of the time, whereas the bad guys have to be right only once to gain access to a network.