Cyber Security
Cybersecurity McCarthyism, collaboration & home brands
T By Guillaume Noé
he US government is lashing out at Kaspersky Lab over concerns the cybersecurity company would willingly collaborate with foreign government entities, that would pose a serious threat to the US. The case begs key questions on building trust in cybersecurity companies, enabling an effective global collaboration and fostering further local innovation.
How well do we trust cybersecurity companies?
and processes. They trust the security controls they buy to be effective and efficient. They also trust the cybersecurity companies will not take or lose their data or be of any threat to their business, whether directly or indirectly through thirdparties, including foreign state government entities. The 2016 Ponemon’s Data Risk in the Third-Party Ecosystem research reveals key findings on how most organisations fail to efficiently manage data risk with thirdparties (incl. cybersecurity companies). For example: •
Our businesses and the organisations we work for are very likely to be facing cyber-attacks. The subject presents a very serious global risk. Individuals and organisations rely on a flourishing cybersecurity industry to better manage the risk with technologies and services. The Cybersecurity Ventures market research group predicts that global spending on cybersecurity products and services will exceed $1 trillion USD cumulatively, from 2017 to 2021. This is big business. The group also tracks a large number of cybersecurity companies and maintains a list of the top 500 world’s hottest and most innovative. It is already a big list for only a part of the industry. Such companies range from large multinational corporations, to small, local and specialised businesses. The cybersecurity industry is very competitive. Organisations typically subscribe to a variety of cybersecurity companies that they select, based on criteria, including technical and non-technical items and, importantly, trust. Trust is a big deal with cybersecurity companies. Businesses place some serious trust in the cybersecurity companies they rely upon to protect valuable information
28 | Australian Cyber Security Magazine
• •
49% of organisations confirm they experienced a data breach caused by one of their vendors; 55% rely upon the third-party to notify their organisation when their data is shared with their other parties; 58% say they are not able to determine if vendors’ safeguards and security policies are sufficient to prevent a data breach.
We may want to trust cybersecurity companies as well as we trust our banks, but it is not that easy. Cybersecurity technologies can be quite intrusive and knowing of our data. They can also be hacked themselves (RSA, Hacking Team, Kaspersky, Bitdefender, Lastpass, OneLogin, Cellebrite, etc.) and attract the unwanted attention of cyberoffensive government entities.
Kaspersky Lab vs US Government Kaspersky Lab is a renowned cybersecurity company, which specialises in technologies for consumers and organisations. It recently ranked fourth in a global ranking of antivirus vendors by revenue. It is the third largest