Extensive cost increases for cyber security

According to a survey, about 200,000 people may have been affected in 2016 by identity fraud, which is one of Sweden’s most common crimes. As a comparison, “only” 65,300 bicycles were reported stolen the same year.

An analyst predicts that cyber security-related crimes will soon cost global society the equivalent of 60 billion SEK annually, which is three times higher than Sweden’s GDP and a higher turnover than global trade in illegal drugs.

According to the same report, a company will suffer from ransomware every fourteen seconds. The Internet of Things and self-driving cars will lead to new types of crimes, and there will soon be 3.5 million cybersecurity-related jobs for which it will not be possible to hire staff, as the skills are missing.

Low level of knowledge while the threats are getting bigger

According to informal surveys conducted by Knightec in connection with training and education, only a minority of the technology and IT-oriented audience are familiar with common security holes, attack methods and simple safeguards.

Small and medium-sized enterprises are expected to become an increasing target for cyber security-related crime.

There are ways to overcome the challenges

Knightec has developed two services that can be used to get started with the IT security work quickly and easily without any prior knowledge.

The first one, Connected Device Security Crash Course, is a one-day workshop that gives a general orientation in current trends and new approaches, along with a high-level stakeholder, attack vector and risk analysis.

The second, Connected Device Security Sweet Spot Pre-Study, is a process developed by Knightec to determine, in a structured way, what actions an organization will perform to achieve an optimal balance between power and cost, taking into account regulatory requirements, customer requirements, current standards and market conditions.

Connected Device Security Pre-Study

The study begins with an introductory phase consisting of four workshop days:

  1. Coordination meeting to set up the general premises for the project.
  2. Workshop for stakeholder analysis.
  3. Workshop for attack vector analysis, with the goal of identifying the vectors that stakeholders with potential intent to attack a system could use.
  4. Workshop for the definition of scope, with the purpose of determining which constraints apply to the continued work.

Following the initial phase, three further phases (zero-state analysis, gap analysis, and assessment and evaluation) follow a risk perspective to develop priorities. At the end of the final phase, a report will be presented with prioritized gaps and, where appropriate, proposals for measures and expected costs to reduce or close them.

Examples of such actions could be:

  • Create a cross-functional organization for continuous security work
  • Create routines for claiming and evaluating third-party products
  • Create procedures for rights management for keys, substrates and distribution
  • Process changes for design, development, production and traceability
  • Educational programs for developers
  • Penetration test of products and systems
  • Education in standards and regulations such as GDPR, ISO 21434, ISO 26262, ISO 27000, ISO 15408 and Ethical Hacking

The result for the customer is increased competence within the cyber security organization, as well as access to a framework to demand, budget and plan cyber security activities in a structured manner, based on the organization’s unique conditions and needs.

Contributor

Over the last decade, David Wenslandt has hacked remote-controlled underwater robots and software for automated collection and synchronization of nuclear data, rescue services and government, as developer, project manager and quality manager. He is now the leader of the Connected Device Security area at Knightec.