Company boards have woken up to cybersecurity risks and are paying considerably far more attention to the issue and are actively fighting to stay ahead of potential threats, according to one of the world’s leading security analysts.
However, the general public has become increasingly desensitised to breaches, making it increasingly difficult for organisations to fight new threats associated with new technologies such as artificial intelligence (AI) and the internet of things (IOT), claims Kris Lovejoy.
Speaking to The Irish Times on a recent visit to Dublin, Ms Lovejoy, who was appointed global security leader at consultants EY earlier this year, also said that what constitutes a breach is undergoing revision.
Top concern
Her comments come as a new EY study shows that over half of global chief executives view national and cybersecurity as the top concern threatening business and economic growth.
“A breach isn’t necessarily unauthorised access but unauthorised manipulation of data – that is someone coming in and interfering with the resilience of your system. The problem for most companies is that they can detect unauthorised access but don’t necessarily know what happens next. This means that while they may know about a breach for month they typically don’t disclose because they don’t have to unless they know for sure data has been taken outside of the organisation,” Ms Lovejoy said.
“We’re seeing changes now to reporting of breaches with the recent New York State Shield act for example amending the definition of breach from authorised release of data to unauthorised data so that the mere viewing of information by an outsider had to be disclosed. This is forcing companies to act in a way they wouldn’t have done before,” she added.
Solutions
Ms Lovejoy joined EY in February from BluVector, a company she led that offers AI-powered cybersecurity solutions. Other roles she has had include chief information security officer (CIO) at IBM. She comes from a family of security specialists – her sister Juliane Gallina is CIO for the CIA.
The cybersecurity expert said destructive cyber acts rather than data breaches are on the increase, rising from less than 1 per cent year ago to between 16 per cent and 18 per cent currently.
Ms Lovejoy said it was likely such acts would increase in the coming years as newer technologies become more commonplace.
“With the coming of AI and 5G there is a much bigger attack surface where people who are angry can cause widespread disruption,” said Ms Lovejoy.
“IoT is another risk because a lot of them are built without proper security consideration. It is similar to buying a car without a seatbelt in a lot of instances,” she added.