Cyber security: Do you know how to protect your company against hacker attacks?
Increasingly smarter technologies are inevitably followed by new methods and techniques of attack. Cybercrime has been on the rise; criminals have become more and more sophisticated, and a traditional firewall on its own is no longer an obstacle for even an average hacker. Our teams of specialists from Risk Advisory advise on how to counter these and other digital threats, and their courses introduce the principles and mechanisms of cyber security to those who are interested.
First, we should be clear about what type of company we are building the cyber defence system for. Appropriate security cannot be regarded as a textbook model that all companies, without distinction, should aim to achieve. It is clear that a library will need a completely different security system than a nuclear power plant. By correctly determining what precisely we want to protect, in what manner and to what extent, we may significantly simplify the implementation and operation of the system.
Cyber security is based on three principal pillars that we should know for effective implementation of a protection system. These are processes (and their rules), technologies and people. In addition, the knowledge of the risks themselves is necessary; it will help us build information security in an effective manner. Using this information, we may subsequently adjust the processes and procedures, suitably mitigate the impact of the human factor, select adequate technologies and start to build an effective digital protection system.
Five trends of the future of information security
- Multi-factor authentication. A combination of various authentication factors, e.g. using a name, password and a token at the same time.
- User behaviour analysis. Determining standard user behaviour (authentication, authorisation, reading of emails, work with files, system access times, geolocation, etc.) and subsequently monitoring deviations from it.
- Data loss prevention. The keys to prevention are advanced encryption technologies and tokenisation.
- Deep learning. A combination of technologies such as artificial intelligence and machine learning, followed by analysis of user behaviour to identify whether it is unusual or even dangerous.
- Cloud. Cyber security as a cloud, virtualised service.
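To make the "User behaviour analysis" item concrete, the following added example (not part of the original article) builds a per-user baseline from past logins and flags later logins that deviate from it. The event tuples, user names and the `slack_hours` tolerance are constructed assumptions, and the baseline is deliberately crude: a set of seen countries and a min/max hour range that does not wrap around midnight.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (user, ISO timestamp, country); not real log data.
HISTORY = [
    ("alice", "2024-03-04T08:55", "CZ"), ("alice", "2024-03-05T09:10", "CZ"),
    ("alice", "2024-03-06T08:40", "CZ"), ("alice", "2024-03-07T17:20", "CZ"),
    ("bob",   "2024-03-04T13:05", "SK"), ("bob",   "2024-03-05T22:30", "SK"),
    ("bob",   "2024-03-06T14:15", "CZ"),
]
NEW_EVENTS = [
    ("alice", "2024-03-08T09:05", "CZ"),   # matches alice's baseline
    ("alice", "2024-03-09T03:12", "CZ"),   # hour far outside her usual range
    ("alice", "2024-03-09T10:00", "BR"),   # country never seen for her
    ("bob",   "2024-03-08T23:10", "SK"),   # late, but within bob's habit
    ("carol", "2024-03-08T10:00", "CZ"),   # user with no history at all
]

def build_baseline(events):
    """Per user: the countries seen and the (earliest, latest) login hour."""
    seen = defaultdict(lambda: {"countries": set(), "hours": []})
    for user, ts, country in events:
        seen[user]["countries"].add(country)
        seen[user]["hours"].append(datetime.fromisoformat(ts).hour)
    return {user: {"countries": s["countries"],
                   "hour_range": (min(s["hours"]), max(s["hours"]))}
            for user, s in seen.items()}

def deviations(event, baseline, slack_hours=1):
    """Return the reasons an event departs from the user's baseline."""
    user, ts, country = event
    profile = baseline.get(user)
    if profile is None:
        return ["no_baseline"]   # unknown user: send to review, do not auto-trust
    reasons = []
    if country not in profile["countries"]:
        reasons.append("new_country")
    lo, hi = profile["hour_range"]
    hour = datetime.fromisoformat(ts).hour
    if not (lo - slack_hours <= hour <= hi + slack_hours):
        reasons.append("unusual_hour")
    return reasons

def triage(events, baseline):
    """Keep only the events that have at least one deviation."""
    return [(e, r) for e in events if (r := deviations(e, baseline))]
```
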
Prevention is one of the most effective methods of mitigating the impact of the risk when an attack occurs. Numerous tools may help you, such as operational or security monitoring, active protection of the environment using firewalls, antivirus programmes and similar tools, or behavioural analysis. Using data on the environment, we may effectively predict, reveal and counter numerous attempts to break through the security perimeter and learn how to fight new, innovative methods of cybercrime.
A good knowledge of theory is a precondition for good quality practice. At Deloitte Academy, attendees of our courses have an opportunity to learn about cyber security right from the basics. However, security managers, analysts, consultants and other cyber protection experts will also find it interesting. Do you like the idea of learning something new? Do you want to learn from specialists with many years of experience? Then the Deloitte Academy courses are just for you.
WhatsApp: Who may read your messages?
A big issue in security is electronic communication, which is now a common part of work and private life. We use applications for it and automatically expect an appropriate level of security and privacy protection. Is communication via common applications such as WhatsApp or Viber really secure?
The above applications (and numerous others) use the Signal protocol for encryption. The message is encrypted on the source device and sent in encrypted form to the operator’s server, which forwards it to the recipient’s device, where it is decrypted and read. This system is called “end-to-end” encryption and as such it can be considered secure. The information is, in this case, well protected on the way between the sender and the recipient. A message is mostly under threat right before being encrypted and right after being decrypted. For a would-be attacker it is much easier to attack the device of the end user than to attempt the difficult task of decrypting the sent message.
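The flow described above can be traced in a short added example (not from the original article, and not the Signal protocol). It assumes the two devices already share a key, which Signal would establish through its own key agreement, and it uses a toy encrypt-then-MAC construction built from HMAC-SHA256 in the Python standard library purely for illustration. All function names are hypothetical.

```python
import hashlib, hmac, secrets

# Assumption: both devices already hold this key; the server never does.
SHARED_KEY = secrets.token_bytes(32)

def _subkeys(shared_key):
    """Derive separate encryption and authentication keys from the shared key."""
    enc = hmac.new(shared_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(key, nonce, length):
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks, illustration only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_on_device(shared_key, clear_text):
    """Sender's device: clear text -> nonce || cipher text || tag."""
    enc_key, mac_key = _subkeys(shared_key)
    nonce = secrets.token_bytes(16)
    data = clear_text.encode()
    stream = _keystream(enc_key, nonce, len(data))
    cipher_text = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(mac_key, nonce + cipher_text, hashlib.sha256).digest()
    return nonce + cipher_text + tag

def relay(envelope, server_log):
    """Operator's server: stores and forwards bytes it holds no key for."""
    server_log.append(envelope)
    return envelope

def decrypt_on_device(shared_key, envelope):
    """Recipient's device: verify the tag first, then decrypt."""
    enc_key, mac_key = _subkeys(shared_key)
    nonce, cipher_text, tag = envelope[:16], envelope[16:-32], envelope[-32:]
    expected = hmac.new(mac_key, nonce + cipher_text, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("envelope was modified in transit")
    stream = _keystream(enc_key, nonce, len(cipher_text))
    return bytes(a ^ b for a, b in zip(cipher_text, stream)).decode()
```

The clear text exists only as the argument to `encrypt_on_device` and the return value of `decrypt_on_device`, which is why the end-user devices are the weak point the paragraph refers to.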
A special category of cyber security is encryption. If not protected, information is most at risk at the moment when it is transferred (for example when we send an email). The information lifecycle involves the creation of information, encrypting, sending, decrypting and reading. The individual steps are, however, not as easy as they may appear at first sight. Read through our small cryptographic glossary and learn the terms easily and quickly.
- Cryptography is a science dealing with data confidentiality and secure communication between various parties.
- Cryptanalysis is a science focusing on analysis of encrypted data with the objective of breaking their encryption.
- Steganography is a discipline concerned with concealing the existence of, e.g., a message so that it is not easily detectable by a third party.
- Clear text or data are the original input that we create and that we want to encrypt to secure it against reading or viewing by a third party.
- Key is the information that determines the output of the encryption algorithm and without which a third party is not able to read the message.
- Cipher is an algorithm or mechanism that, using the key, transforms the original clear text or data into encrypted form.
- Cipher text or data are incomprehensible to people when they read them. They can be decrypted and subsequently read only by someone who has the correct key and cipher.