The exponential rise in the amount of public data is making cyber security in companies increasingly complex.
The results of the latest index produced by Cesin, a club of information and digital security experts, provide a rather worrying overview of cyber risk for large businesses. More than one in five security managers (21%) from the association, which mainly represents CAC 40 companies listed on the Paris stock exchange, reported having experienced 15 or more attacks in 2016.
Open data and cyber security: the two approaches are not incompatible
Some 80% said they had recorded at least one cyber-attack in 2016, and 46% felt that the number of attacks had increased compared with 2015. As a result, 84% of them planned to acquire new technical solutions.
There is no doubt that this is vital, for “the task is growing ever more difficult,” stresses Niels Everstijn, Business Unit Manager of Axians Security Netherlands. He adds: “It’s an inevitable and long-term evolution. Information is absolutely everywhere now and each development brings with it a new challenge. In fact, this is only the beginning!”
“Open Source material must also be protected”
Seen from this perspective, does the growth of open data pose a specific risk? Does it make information protection in businesses more complex? Contrary to widespread belief, open data is not limited to start-ups and young companies. In the UK, for example, the Open Data Institute (ODI) reports that around two in five open data companies were set up more than 10 years ago and that around one in ten companies have more than 250 employees. The responsibility of using Open Source lies with the user themself, therefore the decision on whether the architecture’s Open Source code is “secure” enough remains the user’s responsibility.
“The open data principle is distinctive in that businesses haven’t developed open source-related material with security requirements in mind. Having said that, I don’t think that open data and cyber security are incompatible as approaches. People just need to be aware that open source material also needs to be protected to the extent possible,” explains Niels Everstijn.
“An opportunity to be seized”
The latest ODI report confirms that a parallel development is under way. Although companies are experiencing more and more attacks (there was an eightfold rise in ransom demands in 2016), they are also increasingly turning to open data, which in some respects is the best way of pulling the rug out from under the hackers.
According to Jeni Tennison, ODI’s CEO, companies do not throw themselves into open data “for the sake of openness alone”. “They see it as a way to fill gaps, reduce risks, and seize opportunities.”
Axians, which created a structure enabling security managers to adopt various levels of prevention and response based on the nature of the evolving threat, is taking steps to adapt accordingly. “It’s now easier to make cyber security a core element of company policy,” confirms Niels Everstijn.