Cybersecurity Hardware and Software

Kaspersky Lab: How a united voice can build digital trust in cybersecurity

Screenshot_20190216-122105 By ANTON SHINGAREV                                                Vice President of Public Affairs at Kaspersky Lab

In its business predictions for 2019, industry analyst Forrester says more companies will implement cybersecurity strategies based on a principle of “zero trust” — continuously questioning the security of all internal and external activity.

For cybersecurity as a whole, however, a zero trust approach is not an option. Everything cybersecurity vendors need to be able to do to protect customers — collect and process information on suspicious and malicious files, hunt malware, share threat intelligence, and collaborate – including  with law enforcement and governments — is impossible if there is zero trust. How can we ensure they have faith in the industry and their specific provider?

This is where digital trust comes in. Digital trust is defined as the blend of cybersecurity, effective data privacy, accountability, and ethical data handling that leads customers to trust an organization.

Cybersecurity needs to establish its own digital trust. Unfortunately, this aim is under growing threat from external forces, such as geopolitics and technology nationalism.

A world without trust

Thanks to cybercriminals and advanced threat actors, cyberspace has become a landscape of fear, uncertainty and doubt. Geopolitical tensions are being played out online, with security software and other technology products positioned as potential cyber weapons.AV-Test Kaspersky Lab - Science and Digital NewsAs a result, people, organizations and governments are increasingly concerned about what cybersecurity software could be doing to or with their data and devices. Kaspersky Lab has found itself at the receiving end of some of these trends, and they are not a nice place to be, especially when you’ve done nothing wrong.

Globalisation vs. nationalism

Technology nationalism is flourishing because the world is engaged in a game without rules: there is no unified, independent global framework for standards in cybersecurity. That is not altogether surprising; cybersecurity is a relatively young industry still finding its feet as a sector and an agreed global playbook has not been essential before.

It is now.

In an increasingly connected world, cybersecurity has become fundamental to digital trust. It underpins the confidence people have in the security of their national economy, critical infrastructure and everyday life.

It is time for the industry to take control of its own destiny. The world needs a set of global standards and principles that everyone abides by and which are clear, transparent, and accountable.

What we can learn from other sectors

The long established automotive sector got its global regulatory relationships in place in 1952, with among other things, the setting up of the World Forum for the Harmonization of Vehicle Regulations under the auspices of the United Nations Economic Commission for Europe (UNECE). Through the forum, the world’s main automotive manufacturing markets collaborate on essential motor vehicle regulations that apply to all.

At the same time, every country is different and has its own unique needs, approach and regulations. In the case of the healthcare industry World Health Organization (WHO) provides details on the laws and healthcare approaches of different countries around the world.

Just imagine if such things existed for cybersecurity: if vendors could operate internationally on a level playing field, within an industry-wide trust framework, but tailor their activity and choices to the needs and regulations of individual countries?

The risk of failure to act

The absence of a global framework puts the industry at risk of what is known as “balkanization” where barriers, restrictions or even outright bans are put in place by governments to keep technology vendors it wants to exclude on the other side of the fence. We believe that technology nationalism is damaging and will stifle competition, innovation and collaboration and undermine trust in the global digital economy. The only winners will be the cybercriminals who don’t see and certainly won’t respect any of those borders.

The response of governments to industry insecurity needs instead to be based on dialogue with the relevant industry players and real evidence and assessment of the potential risks.

We are not the only ones concerned about trust and the future of cybersecurity.  Across the industry there are partnerships and calls for a Digital Geneva Convention, including, most recently, the Paris Call. We are enthusiastic supporters of them all. But we also believe it is time to move beyond good intentions and take action to introduce tangible measures that prove trustworthiness, integrity and resilience.

Our model

For us, the answer is our Global Transparency Initiative. Launched in October 2017, the program involves, among other things, the relocation of key elements of our data processing and software build infrastructure to Switzerland, independent third party audits of our engineering practices, and the opening of three Transparency Centers where trusted partners can access external reviews of our source and update code and documentation. We achieved the first major milestones in November 2018 with the start of data processing in Zurich for customers in Europe, and the opening of our first Transparency Center in the city.

Becoming more transparent is not risk-free. Exposing your source code, for example, even in highly controlled circumstance could make it a target for attack. But these are risks we are prepared to take.

Roadmap for resilience

The days of black box cybersecurity are over. Yes, not everyone understands or even wants to know about the hundreds of thousands of lines of code that make up a security product.  But they need to be able to see clearly what you do, how you do it, and how protected it is from outside interference. Equally importantly, they need to know what kind of data you don’t collect and what things you will never do.  And not just for one vendor, but for all of them, measured by the same high global standards that we create together. (Kaspersky Lab)

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at http://www.kaspersky.com.

Source of featured cybersecurity image: courtesy of The Digital Artist on Pixabay.

Hello, Cyber World! A journalist's passion for news, which for me is every and any kind of news, but specially on Science, Technology, Innovation, Digital, and Current News, or just about anything under Heaven, birthed this news platform. Disclosure: I am not a scientist nor an expert on anything Science, and not a techie either; just some journalist who loves and care to bring the good news and share them to everyone out there. It is a big, big physical world out there, but the Industrial Revolution 4.0, the Internet in the Digital Age, has shrunk Earth into one small virtual community. Each human being a "neighbor" to everyone in the Philippines and in any point of the compass. Whatever you may see or think could be my and this site's shortcoming, my apologies. So, there, please join me in my journey in cyberspace! Be home, be safe, be mindful of your neighbors, of the Creator! Thanks so much.

0 comments on “Kaspersky Lab: How a united voice can build digital trust in cybersecurity

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: