Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Transcription

1 Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Customized cybersecurity measures help overcome Industry specific challenges September 2014

2 Table of Contents Section Slide Number Executive Summary 4 Research Scope 5 Research Methodology 6 Key Findings 7 Technology Overview 9 Why is Cybersecurity Essential? 10 Overcoming Key Challenges 11 Layers of Cybersecurity 12 Healthcare 19 Vulnerable Areas 20 Key Challenges 21 Restructuring Healthcare Security 22 Layered Approach to Securing Healthcare Data 23 Securing Connected Medical Devices 24 2

3 Table of Contents (Continued) Section Slide Number Cybersecurity Innovations for Healthcare 25 Information and Communications Technology (ICT) 26 Cybersecurity: Challenges to be Addressed 27 Cyber Risks and Vulnerabilities 28 Cybersecurity Innovations for ICT 29 Innovation Trends and Future Opportunities 30 Aerospace and Defense (A&D) 31 Cybersecurity: Challenges to be Addressed 32 Escalation of Cyber Threats in A&D: Key Factors 33 Cybersecurity Innovators for A&D 34 Cybersecurity in A&D: Future Opportunities 35 Banking and Finance 36 Cybersecurity in the Banking and Finance Sectors 37 Energy and Manufacturing 38 Cybersecurity in the Energy and Manufacturing Sectors 39 Analyst Insights 40 Key Patents 42 Key Contacts 46 The Frost & Sullivan Story 50 3

4 Research Scope The growing number of cyber attacks and cyber crimes have resulted in compromise of data, important computing resources and network outages. With the implementation of Information and Communication Technologies (ICT) in almost every sector, attacks have been increasing at an alarming rate. The need for efficient cybersecurity solutions is evident in every sector. This research service focuses on the impact of cyber threats and attacks in key sectors and the Cybersecurity approaches adopted in each of them. The research service includes the following: Overview of the various layers of Cybersecurity Impact and innovations in Healthcare Information & Communication Technologies Aerospace & Defense Banking & Finance Energy & Manufacturing 5

5 Research Methodology Step 1: To provide a thorough analysis of each topic, Technical Insights analysts perform a review of patents to become familiar with the major developers and commercial participants and their processes. Step 2: Building on the patent search, the analysts review abstracts to identify key scientific and technical papers that provide insights into key industry participants and the technical processes on which they work. Step 3: The analysts then create a detailed questionnaire with content created to address the research objectives of the study, which functions as a guide during the interview process. While the analysts use structured questionnaires to guarantee coverage of all the desired issues, they also conduct interviews in a conversational style. This approach results in a more thorough exchange of views with the respondents, and offers greater insight into the relevant issues than more structured interviews may provide. Step 4: The analysts conduct primary research with key industry participants and technology developers to obtain the required content. Interviews are completed with sources located throughout the world, in universities, national laboratories, governmental and regulatory bodies, trade associations, and end-user companies, among other key organizations. Our analysts contact the major commercial participants to find out about the advantages and disadvantages of processes and the drivers and challenges behind technologies and applications. Our analysts talk to the principal developers, researchers, engineers, business developers, analysts, strategic planners, and marketing experts, among other professionals. Step 5: The project management and research team reviews and analyzes the research data that are gathered and adds its recommendations to the draft of the final study. Having conducted both published studies and custom proprietary research covering many types of new and emerging technology activities as well as worldwide industry analysis, the management and research team adds its perspective and experience to provide an accurate, timely analysis. The analysts then prepare written final research services for each project and sometimes present key findings in analyst briefings to clients. 6

6 KEY FINDINGS The growth in the number of connected devices has widened the attack surfaces, which are being leveraged by cyber attackers to penetrate into the important computing systems in key sectors. The lack of user awareness of device security requirements has helped attackers use these devices as gateways to target networks. In addition to comprehensive security solutions, the trend has been to innovate in the various layers of Cybersecurity for enhanced protection from specific types of attacks directed towards specific network layers. Innovations for securing perimeter, network, endpoint, application and data are on demand. This is due to the emergence of new types of sophisticated threats focused on specific types of attacks. Vulnerability assessment has been a key area neglected by a majority of those who have faced cyber attacks. Unless the weak points are identified and mitigated, risks of cyber attacks cannot be nullified. Recent innovations in Cybersecurity have focused on vulnerability assessment in addition to traditional security features. In contrast to the traditional remedial approach of Cybersecurity solutions, the recent trend has been to develop proactive solutions. There has been a spurt in the innovation of various intrusion prevention and detection solutions to identify and stop cyber attacks right at the inception. 7

7 KEY FINDINGS Among the key sectors adopting ICT solutions, healthcare has been found to be having the weakest Cybersecurity mechanisms. This is due to the lack of regulation compliant solutions used in this sector, which are unable to detect cyber attacks. In addition, due to the lack of security awareness, several compromised network resources, which have raised serious security concerns, are being used, hindering the large-scale adoption of digital solutions in this sector. Cybersecurity innovations in ICT are directed towards securing the implementation of futuristic technologies, such as cloud computing, Big Data, wireless communication, Internet-of-Things and so on. Innovations using new approaches, such as neural networks, predictive threat analytics, and artificial intelligence are gaining popularity. The adoption of the ICT technologies, coupled with significant security policies in the Aerospace & Defense sector is increasing. Targeted attacks on communication and control systems by organized cyber crime groups are the biggest threats which are being addressed by participants in the Cybersecurity space to prevent chances of cyber wars. Banking and Finance sector is leveraging leading edge technologies to prevent cyber attacks and fraud. Regulatory compliance plays a protective role. With the advent of the Industry concept and intelligent manufacturing solutions in the manufacturing and energy sectors, cyber attackers are trying to disrupt operations and carry out cyber espionage by using the attack surfaces and vulnerabilities. 8

8 WHY IS CYBERSECURITY ESSENTIAL? Cybersecurity Overview The growing number of cyber-attacks across sectors has resulted in compromised confidential information, network outages, and loss of control over essential computing resources. With the increase in digital applications, mobile users, process automation and wireless network usage, the attack surfaces for cyber threats are increasing. The Cybersecurity concept helps secure computing resources, information, networks and applications from cyber attackers and prevents unauthorized access, control, abuse or destruction of the same. Importance of Cybersecurity Growth of Cloud Adoption Drivers Access Security is an essential aspect of cybersecurity to prevent unauthorized access to significant computing systems. Such unauthorized access leads to abuse of data and applications. Network Security ensures the reliability and availability of the network by preventing intrusions and malicious traffic. Data Security is a key deliverable of cybersecurity as compromise of confidential data may lead to disclosure of private strategies and facts leading to huge losses. Application Security eradicates the vulnerabilities of the application, closing down the attack surfaces, thereby preventing abuse of resources handled by the applications. Security of Autonomous Systems is a key area of focus due to the convergence of operational technologies with information and communication technology. With Industry 4.0 and Internet-of-Things (IoT) concept setting in, securing autonomous systems has become a major priority. National Security is of importance to safeguard critical national infrastructure. 10

9 OVERCOMING KEY CHALLENGES Lack Of User Awareness of Security: Users give priority to the functionality, usability and convenience of technology instead of security. This is a serious concern which can be addressed by spreading awareness about the necessity of cybersecurity. Growth of Internet: The Internet has seen exponential growth to become the primary platform for computing. Innumerable applications (Web-based, cloud-based, and standalone) are gaining rapid popularity for entertainment, education, financial transactions, business and so on without the necessary security tools. This has led to the widening of attack surfaces for cyber attackers. Key Challenges Emergence of New Attack Types: Every day new types of cyber attacks and malicious tools are being developed. These zero-day attacks are highly dangerous as their threat definitions are absent in most security databases. These threats can be mitigated by using updated virus definitions and solutions which are equipped to protect against these zero day threats. Lack of Threat Information Sharing: Cyber Security solutions develop reports of threats faced and mitigated. These reports contain the impact intensity of each threat and their protection guidance. However, it has been observed that this information is seldom shared with others to create awareness. Adoption of policies, such as National Information Exchange Model (NIEM) could facilitate threat information exchange among organizations. Lack of Skilled Security Personnel: There is a huge shortage of skilled Cybersecurity personnel. The need for skilled personnel in this space is essential to meet the ever increasing demand of providing security to the information and communication resources in every sector. Enhanced initiatives to support academic research along with extended study and employment opportunities should be taken to meet the demand. Awareness Growth of Internet Emerging Threats Information Sharing Security Skill 11