Cyber Security: Beyond Compliance to a Best-in-Class Solution
- There is a cyber-attack occurring every 39 seconds, according to a study by the University of Maryland.
- 1 in 3 people are affected by cyber-attacks every year. Furthermore, the number of attacks is increasing, NOT decreasing.
- Kevin Mitnick is the most (In)Famous hacker in the world. Kevin was once on the FBI’s Most Wanted List for hacking more than 40 corporations. Now, Kevin is a trusted security consultant worldwide to the Government and Fortune 500.
- Research has shown that many companies (even large companies) can take 6 months to detect a data breach.
- By 2025, cybercrime is expected to cost the world $10.5 trillion ANNUALLY.
- Human error accounts for 95% of data breaches, according to a report by IBM.
- Since COVID-19, the FBI reported a 300% increase in cybercrimes.
SASE Security Approach
Firewall protection of old is no longer the de facto standard with the emergence of new cyber security concepts such as Secure Access Service Edge, (SASE, pronounced “sassy”), first proposed by Gartner®. SASE is a converged networking and security approach for connecting and protecting distributed businesses and hybrid workforces.²
The adoption of SASE is accelerating as organizations look to implement Zero Trust architectures, digital transformation projects, and reduce the complexity of their security stack.
In its 2022 Strategic Roadmap for SASE Convergence, Gartner breaks down the factors that are driving this shift and gives its latest guidance for adoption, including:
- “Avoid point solution projects. Instead, opt for consolidation by using the converged security service edge (SSE) market at renewal time for CASB, SWG or VPN to remove complexity.”
- “Implement zero trust network access (ZTNA) within a SASE/SSE strategy to deliver consistent, contextual application access for all users, regardless of location (including in the office or branch).”
- “Consolidate SASE offerings to a single vendor, two explicitly partnered networking and security vendors with deep integration, or a managed SASE offering to reduce complexity.”
Microsegmentation and Zero Trust principles have now replaced VPN as a faster and safer alternative. Microsegmentation uses virtualization technology to create increasingly granular secure zones in networks. By applying tightly focused security policies, microsegmentation moves security away from simply identifying IP addresses and grants user access to only the applications and data they need based on their identity and role. Security then becomes about the individual user, limiting dangerous lateral movement within a network. Those policies can be further refined by location and device – an adaptive approach that takes into consideration current security risk. It’s a core technology for zero trust, the idea that no one should be trusted or given more access than they require. Now, your Finance team only has access to the four apps that they use, and your traveling salespeople can be confident in their multi-factor login whether they are in a Starbucks in Singapore, or their home office.
Alithya Cyber-Hardened Laptops and Smart Lockers
Connections to field equipment through Maintenance and Engineering Laptops is considered one of the primary cyber-attack pathways to compromising an OT system. For its Utilities clients, Alithya has also developed Cyber-Hardened Laptops and Smart Lockers. Alithya’s Cyber-Hardened Laptops are rugged machines built to last in harsh industrial environments, which are configured for ease of recovery, virus scanning, and maintenance, contain less cyber-attack surface, and are virtualized to reduce malware spread. Alithya’s Smart Lockers provide additional physical protection for your laptops and other valuable hardware assets when not in use. Ensure safe keeping of laptops between uses with automated check-in and check-out, diagnostics, and automated upkeep. Our team of Alithya Cyber Engineers (ACE) provide end-to end installation, configuration, and support to ensure seamless integration with your existing plant equipment.