cyberattack

Rethinking Cybersecurity

Notice: This sponsored article is part of Lenovo’s ThinkShield campaign. Nevertheless, it reflects my personal views and aims to give a good impression of what is going on in the cybersecurity world right now, and how big IT players like Lenovo address these challenges.

Our fragile world of Connected Everything

In our modern world of connected everything we heavily rely on the omnipresent IT backbone. For companies, this is even business-critical.

At the same time, innovations happen at an ever-growing pace. It is now more important than ever for businesses to innovate quickly. However, it is also clear that these fast innovations – IoT applications are a good example – need to be secure from the start.

In terms of IoT, I really like the following joke: The “s” in IoT is for Security. It is true; IoT is not designed to be safe. The result is that many vendors are now in the uncomfortable situation of adding security belated.

Right now, cybersecurity is one of the strongest growing fields in IT and naturally, there is a lot of fuzz around it. However, from my experience, most businesses today lack a clear cybersecurity strategy nor do they have the capability to address this topic comprehensively.

What I often see at companies are reactive approaches, which typically include rather patchwork or even worse: firefighting incidents.

However, this will not end well. As technical debt rises, corporate IT will become slower and slower.

IT Stack
IT Stack

Personally, I believe that real cybersecurity can only be achieved by a systematic approach. Consequently starting from securing the smallest smart components, like integrated circuits, going up the complete IT stack.

This approach is referred to as end–to–end security and thinking of companies more precisely: end-to-end business security.

In fact, this is also what IT giant Lenovo promises with its cybersecurity portfolio. Let’s, therefore, take a look at what the world’s largest personal computer vendor envisions and what its portfolio, called ThinkShield, looks like.

A comprehensive Cybersecurity Approach

The official goal of ThinkShield is to provide the most complete security solution in the

Industry and to make it easy to implement in any company at the same time. This is a huge task, even for a company of Lenovo’s format. Therefore, Lenovo consequently teamed up with Intel, Microsoft, and other partners, each leveraging their strengths to a common portfolio.

Now, how comprehensive is the approach of Lenovo really?

Above all Lenovo’s credo is “Security by Design”, meaning that security for them begins with development and continues through the supply chain and the full lifecycle of every device—from development through disposal. Lenovo addresses this e.g. with a trusted supplier program or secure packaging.

To get a better understanding of ThinkShield’s functionality let us first have a look at the four different categories of ThinkShield, which are:

  • Device Protection
  • Data Protection
  • Identity Protection
  • Online Protection

Sounds pretty comprehensive, doesn’t it? Now I would like to unveil two categories, starting with Online Protection by asking the question:

How am I protected Online?

Let me start with a story. In 2015 one click from an employee at Anthem (insurance company) exposed the personal data of 79 million people, costing the company an estimated $100 million.

This might be an extreme example but it is just realistic at the same time. In this case, one phishing mail enabled the whole hack. Looking at the Online Protection category of ThinkShield in this context, the element BUFFERZONE Sandboxing could have helped, by isolating the malicious attachment.

There are 12 more elements in this category, but my personal highlight of the Online Protection category is Lenovo Wi-Fi Security. As I am a frequent traveler, Wi-Fi Security uses behavioral rules and defined lists to notify me when connecting untrusted public networks by warning me of suspicious access point behavior.

Those unsecured access points can easily lead to identity theft, leading to the next question and category:

How do I protect my Identity?

As I love to give real-world examples, here comes another one: In 2014, stolen credentials exposed 145 million eBay users, causing the company to revise revenue targets down by $200 million.

Since last year, the above example would have had even more consequences for eBay with much stricter laws like the GDPR in act. Speaking of breaches, over 80% use weak or stolen passwords!

In ThinkShield’s Identity protection category, Intel Authenticate plays an important part, as it enforces authentication rules in hardware. This includes PIN, biometrics, keys, tokens and associated certificates, making them hard to reach for attacks.  

For me, another interesting element of the Identity Protection category is Geo-Fencing Security. This is a location-based (geo-fencing) method of authentication, which uses GPS and/or network location detection. In times when attacks can be carried out from any corner of the world, this is a valuable security measure.

I hope I was able to give a first impression of what ThinkShield can do for businesses. However, as security is a C-Level topic, not only functionality but also monetary and strategic considerations count. Leading to the last question:

How can investing in Cybersecurity drive Business Growth?

So talking to your CEO (maybe yourself), three main reasons for investing in security exist. Profitability, Innovation and Productivity.

From my side profitability and productivity relate very closely and therefore I want to start with the two.

As I pointed out in the beginning of this article, most companies today have rather reactive cybersecurity approaches. However, this means that the damage was already done and is fixed afterwards.

Speaking of profit, what does one hour of production downtime cost your company?

In addition, what effort does the cleaning take?

The initially mentioned patchwork is not an efficient way. When dealing with complex services or systems, end-to-end arrangements are often cost-effective. Lenovo’s ThinkShield portfolio is an end-to-end solution. On top of it, it is customizable and companies are able to tailor it to their needs and budget – no matter which size.

In terms of productivity, businesses today have few personnel to address cybersecurity topics comprehensively. Often these people are part of the corporate IT and do this “besides their main jobs”. This again leads to inefficiencies. However, the good message here is, that today e.g. already nearly 70% of malware containment can be automated, leading to much higher productivity.

Last but not least innovation.

In times of daily disruption, innovation is more important than ever. Security can really be a showstopper here. In the beginning of this article, I clearly showed how IoT went wrong in the first place. Businesses need to focus on their key value proposition and want to rely on a professional partner for the required security.

This article could only scratch the surface of a highly complex topic and a comprehensive solution from the world’s largest personal computer vendor. If you like to know more of the latter, I recommend a visit of the official ThinkShield website or the highly entertaining docuseries The Fallout – A real-world cybersecurity story.