Cybersecurity and Decision Makers

Data Security and Digital Trust

About this book

Cyber security is a key issue affecting the confidence of Internet users and the sustainability of businesses. It is also a national issue with regards to economic development and resilience. As a concern, cyber risks are not only in the hands of IT security managers, but of everyone, and non-executive directors and managing directors may be held to account in relation to shareholders, customers, suppliers, employees, banks and public authorities. The implementation of a cybersecurity system, including processes, devices and training, is essential to protect a company against theft of strategic and personal data, sabotage and fraud. Cybersecurity and Decision Makers presents a comprehensive overview of cybercrime and best practice to confidently adapt to the digital world; covering areas such as risk mapping, compliance with the General Data Protection Regulation, cyber culture, ethics and crisis management. It is intended for anyone concerned about the protection of their data, as well as decision makers in any organization.

By Marie De Fréminville.

Information

Publisher
Wiley-ISTE
Year
2020
Print ISBN
9781786305190
eBook ISBN
9781119720379

1. An Increasingly Vulnerable World

1.1. The context

1.1.1. Technological disruptions and globalization

Technological disruptions are mostly digital in nature: automated knowledge, networks of connected objects, advanced robotics, 3D printing, cloud computing (85% of companies store data in a cloud; this practice is becoming more commonplace), mobile Internet, autonomous vehicles.
Until 2011, digital risks, or cyber-risks, did not appear in the World Economic Forum’s major risk ranking.
According to the 2019 World Economic Forum study, technology will play a fundamental role in the risk landscape over the next decade, including data theft (personal data, data from companies, public organizations and governments), identity theft and cyber-attacks, as well as deadly “bugs”, as shown by the Boeing 737 MAX crashes. According to the Washington Post, several flaws were discovered in the software of the aircraft’s flight system. The preliminary investigation report on the Ethiopian Airlines crash clearly blames this accident on a failure of the MCAS stall protection system, which had already been identified in the Lion Air accident five months earlier. Not only was the information sent by the probes incorrect, but it was not possible for the pilots to take control of the aircraft.
This accident shows the risks of technological or digital failures, as well as the need to have such systems tested and certified by independent authorities. It also shows that digital accidents are not necessarily the result of attacks, but can stem from human failures (programming, man–machine link, processes, organization): tools are often a convenient scapegoat.
Cyberspace consists of computer equipment (computers, networks, connected objects, servers, printers, routers, etc.), software, applications, information systems and all information exchanged or stored via digital tools. It is the development of connections and flows that makes security a major issue, whether for States, companies or citizens.
Figure 1.1. The impact of digital transformation on the security of information systems in all companies (source: according to CESIN). For a color version of this figure, see www.iste.co.uk/defreminville/cybersecurity.zip
A number of technical black spots are at the root of data leaks:
  • the totally decentralized structure of the Internet, based on a multitude of different networks (at the beginning of June, “Swisscom’s data passed through China”; the customers of the Dutch operator KPN, as well as those of the French operators Bouygues and Numéricable, were also affected, according to the newspaper Le Temps on June 12, 2019);
  • the architecture of IP addresses and domain names;
  • the “backdoors” of the equipment;
  • irregularities in the design of telecom operators’ services;
  • insufficient cryptographic tools for software and equipment.

1.1.2. Data at the heart of industrial productivity

With Industry 4.0 technologies – ERP (Enterprise Resource Planning), CRM (Customer Relationship Management), 3D printing, extended enterprise – with digital marketing technologies – websites, cookies, tag management – or with connected products and security cameras, data has been put at the heart of activities. A great deal of data is collected and recorded in computer systems and software by different departments, without the company having detailed knowledge or a mapping of all data flows.
Understanding the geography of flows and mastering data is a fundamental strategic challenge for the competitiveness of companies, as well as for our defense capability.
Reliable information and the verification of digital identities are critical for companies, users and IT service providers.

1.1.3. Cyberspace, an area without boundaries

Hackers are difficult to identify, and there is a real asymmetry between attackers, who have many effective weapons despite few resources, and targets, who have much greater resources but cannot guarantee a perfect defense.
Cybersecurity is about the security and digital sovereignty of every State, every company and every citizen. It is of major political, economic and social importance and must therefore be addressed from different angles: educational, legal and regulatory, social, technical, military, organizational, individual and collective (national and international).
The consequences of some attacks can be critical: for example, the attack on the SWIFT interbank network between April and May 2016, which led to fraudulent misappropriations of several tens of millions of dollars in Bangladesh, or the denial of service attack of October 21, 2016 on Dyn servers (a service that allows the users of a dynamic IP address to access a domain name), which paralyzed part of the Internet network in the United States for several hours and seriously disrupted the economic activities concerned.

1.1.4. IT resources

Comprehensive knowledge of IT tools (hardware, software, network) is a structural challenge for companies: the way they have developed and managed their IT infrastructures in recent decades – fragmentary, in silos, at a time when risks were low – makes it more difficult for them to supervise these infrastructures as a whole, which is essential for effective cybersecurity management.

1.2. Cybercrime

1.2.1. The concept of cybercrime

In short, cybercrime refers to criminal acts committed in the context of new technologies. The term computer fraud is also used. Cybercrime includes, among other things, the illegal acquisition of private, personal or sensitive information. It covers all crimes whose preparation or execution involves electronic data processing systems, such as sabotage, espionage and data interception.
Cyberspace offers criminal opportunities: digital services and infrastructures are a gateway to malicious intent. Any connected equipment is hackable; it is necessary to ensure continuity between physical security and cybersecurity.
As for computer attacks, or cyber-attacks, new cases are revealed by the press every week, on all continents, in all sectors of activity (industry, banking, hospitals, hotels, online sales, etc.) and for all types of organizations: from start-ups to large listed groups, as well as other entities such as associations, foundations, town halls, public administrations and infrastructures, or even connected objects (surveillance cameras, pacemakers, children’s toys). And the press only reveals the tip of the iceberg. There is a veil of silence on the part of companies, which is understandable: none of them want to divulge their difficulties and especially not their cyber weaknesses.
Computer instabilities or intrusions are made possible both by the increasing integration of new technologies into all aspects of our lives (mobility, home automation, purchasing, travel, banking, etc.) and into the lives of companies (sales, production, communication, security, financial operations, administration, customer relations, suppliers, employees, investors, banks, etc.) and encouraged by the digitization of public services, as well as by the increasing sophistication of computer attacks.
Although information systems are increasingly protected, allowing more attacks to be blocked (in number and percentage), the number of intrusions was stable in 2018 compared to 2017, according to an Accenture study.
As the graph in Figure 1.2 illustrates, computer attacks are not a new phenomenon; they started more than 30 years ago, with the birth of computer networks and then the Internet.
They have since intensified due to the increase in vulnerabilities related to the digitization of economic operations, the opening up of computer networks, data exchanges, mobility, the development of applications and connected objects, and the widespread networking of computers.
Figure 1.2. History (source: Starboard Advisory)
It should be noted that hardware and software are sometimes deliberately sold with “backdoors”, which allow software developers or hardware manufacturers to monitor or even take control of the software’s activities, or to...

Table of contents

  1. Cover
  2. Table of Contents
  3. Foreword
  4. Preface
  5. Introduction
  6. 1 An Increasingly Vulnerable World
  7. 2 Corporate Governance and Digital Responsibility
  8. 3 Risk Mapping
  9. 4 Regulations
  10. 5 Best Practices of the Board of Directors
  11. 6 Resilience and Crisis Management
  12. Conclusion: The Digital Committee
  13. Appendices
  14. Glossary
  15. References
  16. Index
  17. End User License Agreement