Things in China just got a bit more challenging - at least in terms of cybersecurity. Today, China is implementing a rather controversial cybersecurity law, with the clever and creative name Cyber Security Law (CSL), aimed at protecting China's networks and private user information. The law has a lot of foreign firms and businesses that handle Chinese data on edge, as it forces a series of intrusive regulations on them that may make their operations in China less secure (more vulnerable to theft of their intellectual property) or more expensive.
China has really stepped up their cybersecurity game since Edward Snowden blew the whistle on foreign technology firms, revealing that they could help governments spy. According to The New York Times, Chinese officials say the new law will help guard against cyberattacks and prevent terrorism, but experts and businesses remain confused and skeptical.
“The law is both extremely vague and exceptionally wide in scope, potentially putting companies at risk of regulatory enforcement that is not related to cyber security,” said Carly Ramsey, associate director at the risk-management consultancy, Control Risks, in a statement to the Financial Times.
Breaking it down a bit, the CSL is designed to protect personal information and individual privacy, and regulates the collection and usage of personal information. Because of this, companies will now be required to implement strict data protection measures, and sensitive data must be stored on domestic servers. On top of that, in some instances, businesses will need to undergo a security review before moving data out of China. Here's where the vague-ness comes in, as the government has been a tad fuzzy on what exactly constitutes important or sensitive data.
Experts recommend that any company that manages Chinese data evaluate the impact that this law could potentially have on their firms, and prepare and respond accordingly.
“Companies should also be aware that the CSL potentially provides the government with the legal ability to obtain intellectual property and a view into an organization’s cyber gaps and vulnerabilities,” said Carly Ramsey, a regulatory risk specialist and Ben Wootliff, a partner and head of cybersecurity at international risk consultancy Control Risks. “The operational costs and risks of localizing data to China are likely to be significant for most (multinational corporations), particularly the loss of the ability to conduct global big data analytics if the China data has to be housed separately.”
The threat and cybersecurity landscape is getting tougher and more perilous to navigate, and this certainly seems to be throwing another wrench in the works. Definitely something to keep an eye on as this develops. Our second story takes a look at the joining of forces of an unlikely pair - Cisco and IBM.
In light of the recent WannaCry ransomware attacks that threw the entire globe into a tizzy, the two tech titans decided that buddy-ing up was a better way to fight and defeat the cyber bullies - of that attack and others yet to come. Cisco and IBM have partnered to share threat intelligence between their research groups when investigating big hacks, and are also planning to add product integrations that connect their portfolios. Aww...
Similar partnerships have cropped up in the past, but what's significant about this one in particular is that it involves two of the biggest players in cybersecurity, and has them playing nicely with each other. United in security, or something to that effect. It really does make a lot of sense. IBM’s talents in analytics and cognitive solutions fit in rather nicely with Cisco’s security infrastructure and detection capabilities.
“You marry those things and you have a really complementary set of capabilities,” Jason Corbin, Vice President of Strategy and Offering Management for IBM Security, told The VAR Guy. “Quite frankly, we’re meeting in the field anyway. A lot of customers have Cisco gear and IBM for security and analytics and incident response, and it’s just a natural progression for us to start to provide more value on top of our products in an out of box way for our joint customers.”
The two companies will work to make their security tools interoperable with the goal of making it easier for customers to craft an end-to-end security solution within the Cisco-IBM portfolio. Gartner says such services comprise the largest category of spending within the $81.6 billion information security industry.
“Our clients are overwhelmed with the volume of tools and solutions that are out there. Us tying our solutions together in a meaningful way has a really big impact on our clients in terms of cost, in terms of simplifying, in terms of delivering faster detection,” said Corbin. “What that means to our channel partners is that it’s going to open up some opportunities for our partners that are selling both Cisco and IBM to start to deliver really differentiated solutions in the market, especially given our approach around openness and collaboration that we have on our programs like QRadar.”
Our last story examines the latest report from IDC on the mounting pressure frequent cyberattacks are putting on security teams. The report, which surveyed 600 senior security professionals across the U.S. and Europe, found that security teams are consistently on their heels as the frequency and complexity of these attacks grows:
- 70% of US companies said they tend to invest in security tools only after a serious breach.
- 81% of US companies are not at all or not extensively using machine learning for security purposes.
- 72% of US companies are not using SIEM or using it only in limited capacity.
- 39% reported it usually takes a security analyst 2-4 hours to resolve a security incident.
“The amount of time companies are spending on analyzing and assessing incidents is a huge problem,” said Duncan Brown, associate vice president, security practice, IDC. “The highest-paid, most skilled staff are being tied up, impacting the cost and efficiency of security operations. This is exacerbated when considered alongside the security skills shortage, which has most impact in high-value areas like incident investigation and response. Organizations must ensure that they are using their data effectively to gain key insights quickly to determine cause and minimize impact.”
Other findings from the study include:
- Everyone’s under attack. 62% of firms are being attacked at least weekly, with 30% attacked daily and 10% hourly or continuously. 45% are experiencing a rise in the number of security threats.
- The volume of incidents is challenging. Organizations experience an average of 40 actionable security alerts per week, with this number rising to 77 for finance and 124 for telco.
- Most firms only surface a breach to the board at the last possible moment. Asked when they report a security incident to the board, the top triggers were sensitive data breach (66 percent), compromised customer data (57 percent), and a mandated notification to a regulator (52 percent). Only 35 percent of firms have breach reporting to the board built into their defined incident response processes.
“It’s time to change how we approach incident response,” said Haiyan Song, senior vice president, security markets, Splunk. “As attacks become more advanced, frequent, and take advantage of IT complexity, we must become proactive in our approach to security. It has never been more important for organizations to proactively monitor, analyze and investigate to verify whether there are real threats, then prioritize and remediate the most critical."
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.