At the beginning of the year, the 8th edition of the Cybersecurity experts club barometer was released. The study showed that cyberattacks have become a norm as almost half of the companies asked, have already faced a cyberattack with significant damages.
This new norm is pushing companies’ investments in protection, detection and management tools to face such attacks. On-premise software has brought in lot of risk, 45% of companies asked to report failure alerts. But the main risks still come from the human operators. ¾ of the companies asked mentioned Phishing as the main source of attacks. Cybersecurity budgets keep on increasing and now represent more than 5% of the global IT budget in 2022.
Cybersecurity is also about data management. As shown by a good example coming from Samsung. A few weeks ago, several engineers from Samsung used ChatGPT to optimise confidential tests to identify faulty chips, which led to a confidential data leak. This incident highlights the need to have open-source AI models able to handle data in Europe, under European digital laws, as we do at Stonal. Globally, 6 out of 10 companies say they are concerned about issues of sovereignty and trusted cloud.
A balance with the additional costs and loss of technical performance linked to these new sovereign clouds has to be found, but few are yet approved.
In this real estate world, asset data is highly valuable and it is essential to give it the maximum level of security in all aspects.
Have a good read,
Michel & Robin
Cyberworld, cybersecurity, cyber challenges
All human knowledge and activity now pass through computer networks. Stored data is expected to grow from approximately 59 zettabytes (59 billion terabytes) in 2020 to 175 zettabytes by 2025, and then likely to several yottabytes (1 yottabyte = one trillion terabytes) by 2030 (according to IDC study).
This growth is coming from the explosion of the amount of data generated by connected objects, social networks, mobile apps, IoT, etc.
The management, preservation, securing and protection of data have become strategic issues for states, companies, and individuals. Not to mention the environmental sustainability of all these storage centers.
With this increase in available data, the number of cyberattacks is also growing. Verizon published a report in 2021 stating that the number of cyberattacks declared increased by 20% from 2020 to 2021. And the number of data breaches has grown by 11% in the same period. The National Cyber Security Center has reported 15 times more phishing attacks in 2020 compared to the previous year, Covid having made things worse. The number of new malware variants also increased by 35% in 2021 according to Kasperky.
Organizations now spend an average of 5% to 15% of their IT budget, on average, on cybersecurity (2021 Gartner) because cyber threats are constantly evolving and the consequences of a security breach can be severe. Data breach costs have increased by 50% over the past five years, averaging $13 million per business in 2020 (Accenture Cybercrime Report 2021).
Arming ourselves against threats has become a priority. Spending on security solutions and software is expected to reach €206 billion in 2023, a 12,1% increase in just a year, according to the latest IDC study. And spending on hardware, software and services related to cybersecurity is expected to keep on increasing to reach €282 billion in 2026. On the investment side, the number of funding rounds has more than tripled between 20212 and 2022, according to Tikehau Capital. Especially in Europe, the United States and Israel, where the amounts raised were almost multiplied by 17 (14.9 billion Euros in 2022)!
But what are we talking about?
The concept of cybersecurity included all the measures taken to protect computer systems, networks and data against attacks, damage, unauthorized access and breach of confidentiality.
Cybersecurity is now a prime concern as businesses and governments increasingly rely on information technology to store confidential data, manage financial transactions and interact with customers.
We think we know what cybersecurity is all about, but there are actually several categories, namely, the security of networks, applications, operating systems, data and finally, physical security. Each of them requires different approaches and tools to protect sensitive information.
Network security is the first line of defense against attacks. It involves securing network connections, protecting ingress and egress ports, and ensuring that firewalls and anti-virus software are up to date. Common network attacks include denial of service (DDoS), phishing, backdoor, and malware attacks.
Application security is another important measure, protecting applications from attacks that aim to exploit vulnerabilities or gain access to the sensitive information stored on them. We are talking about SQL injection attacks, cross-site scripting and denial of service. Operating system security protects against malware attacks, denial of service attacks, and brute force attacks.
Data security includes measures such as data encryption, monitoring of user access and activities, deletion of obsolete data and destruction of sensitive data in a secure manner. These include data theft, privacy breach and malware attacks.
And finally, physical security consists of protecting computer systems against threats of theft, fire, floods and earthquakes. This involves securing data centers and implementing disaster recovery plans (PCA, PRA).
And at Stonal ?
At Stonal, we made sure to build our product so it answers the highest security standards. Because the asset data of our customers are very sensible, our datalake is hosted on the most secure servers.
We have a disaster recovery plan (PRA) and a business continuity plan (BCP) tested and validated by experts, with redundancies and multiple backups to prevent disasters and thwart cyber-attacks or physical. Working for banking and insurance institutions as well as public actors, we had to pass extremely sophisticated penetration tests (pentest) which validated the robustness of our platform.
A little bit of history.
Since computers started to be used to store sensitive information, i.e. around the 1960s on magnetic tapes and then hard disks, computer security has become increasingly more strategic. From the first simple threats of theft, we have now moved on to much more complex stratagems, in particular, due to the development of interconnection networks between computers.
The first computer viruses started appearing in the 70s and 80s. These malicious programs were designed to spread through the computer networks of the time and steal or damage data and systems. Viruses quickly evolved to include more sophisticated features, such as the ability to hide in system files, spread through emails or attachments, and modify system settings. Hackers then started to become a serious threat using social engineering techniques to convince users to divulge confidential information or provide access to protected systems.
In the 90s-2000s, governments and large companies started investing massively in advanced security technologies, such as firewalls, anti-virus software and intrusion detection systems. Governments also began to take action to protect critical infrastructure, such as power grids and transportation systems.
Now the techniques continue to diversify with phishing and spear-phishing to access confidential information. Malware has evolved to include features such as data encryption, making it more difficult to recover stolen data.
Today, cybersecurity has become a major concern for businesses, governments and individuals. Cyberattacks are increasingly sophisticated and can have devastating consequences, including loss of data, breach of privacy, and disruption of business operations or even shutdown of operations.
Data security constraints and rules have now reached such levels that it is becoming extremely expensive to set up and maintain your own servers. Formerly maintained by the companies themselves, large cloud data centers are increasingly doing well by pooling energy resources and levels of data preservation and security unattainable by individuals or businesses. The consequence is that the cloud is taking more and more space in the market for consumer and B2B applications to the detriment of “on-premise” consisting of installation and local security on each machine.