September 08, 2015

Security Is Your Best Business Ally

by Industry Trends and Technology, Point-of-View

Originally published in OpusCapita Journal.

If it can be digitalized, it will be. The expansion of the digital world into all areas of life makes security critical in all sectors. We asked Jarno Limnéll,  Professor of Cybersecurity at Aalto University, to share his views on this important topic.

Companies whose processes and digital services run smoothly and whose systems are safe to use and work environment secure, in physical and intellectual terms too, will have a significant competitive advantage,” says security policy expert Jarno Limnéll.

The logic is that security lays a foundation for trust and reliability. Trust is an increasingly valuable asset for companies in the globalized world. Similarly, repeated failures in information security undermine the trust of customers and partners, and sooner or later the company’s business will suffer.

“Having a sense or feeling of security is an important element of the security picture. If security measures are appropriately focused and sufficiently extensive and are implemented strategically and systematically, people will feel more relaxed in their work and achieve better results. All in all, security is an integral part of a good, happy life.”

Limnéll does not consider that digital security, or cybersecurity, is a separate issue. He sees it as one of the many aspects of security.

“We already live our daily lives simultaneously in the physical and digital worlds, and this will be even more marked in the future. For this reason, security must be developed as a whole, based on this new reality.”

Limnéll sees indifference and poor judgment as the largest cyber threats.

“This is why cybersecurity is primarily not about technology, but about attitudes.”

Nevertheless, cybersecurity projects continue to be technology-focused. “When trying to find a solution to a specific technological problem, people tend to overlook the bigger picture, which is a pity,” says Limnéll.

Many questions should be asked and the big picture should be outlined before going shopping for solutions. What data needs to be protected and against which threats? What data categories do we have and what is the required level of protection? The big picture also includes security measures in the physical environment, such as access control, workspace arrangements and monitoring and surveillance.

It is important to realize that there is no absolute security – and there never will be. It is not possible to protect against all threats, and all technologies can be cracked. But if a denial-of-service attack occurs or a virus enters the system, for example, this can, to a high degree, be tolerated and operations normalized if continuity and recovery plans are in place.

The security of complex systems is a major challenge for companies.

“A company may have a dozen suppliers connected to the same set of systems. When something happens, it is not easy to find out where the system needs fixing. Companies now seem to be looking for solutions where a single supplier is responsible for the entire system or set of systems,” says Limnéll.

The cyber boom created by digitalization has increased public awareness of cyber crime and other cyber threats. Limnéll has a background in military security, which means that he is aware of the full gamut of threats in the digital world. Nevertheless, the negative tone of the public discussion on cybersecurity bothers him.

“Digitalization is an enormous opportunity, and security is always a good thing. It’s unfortunate that such a positive issue is largely approached in terms of threats and fears.”

In an increasingly digital world, information security is an intertwined combination of global, local and individual information security. Cybersecurity is becoming more global but also more personal. We are both agents and objects.

Occasionally, security and business interests collide.

“For example, when companies are developing major innovations, they are so busy trying to introduce the product before their competitors that they forget to pay attention to security aspects and hastily come up with a solution in the final stages of the project.

“Integrating security into a product retrospectively is challenging, if not impossible. Security must be considered from the very beginning of the innovation and development process.”

Jarno Limnéll, VP, Cyber Security and Business Development at Insta Defsec Oy, also serves as Professor of Cybersecurity at Aalto University. He holds a Doctor of Military Science degree, a Master of Social Sciences degree and an officer’s degree. He previously worked as Director of Cyber Security at Intel Security.

Read more blog posts about Point-of-View