Thorsten Stremlau, Trusted Computing Group’s Marketing Work Group Co-Chair, highlights the importance of cybersecurity, as well as the risks of cyber-attacks and how best to protect against them.
The number of high-value breaches for companies is increasing every year, making cybersecurity a top priority for C-level executives. According to a Cisco study, there has been a 350% increase in ransomware attacks annually, and the Ponemon Institute predicts that the average cost of a data breach is $4 million. Yet around 80% of breaches are caused by bad system configurations and passwords, which means that human error continues to be the biggest security threat for organisations. Further to this, up to 87% of senior managers have admitted to accidentally leaking business data. Cybersecurity needs to be a corporate priority, from senior executives through the rest of the company, and built into everyday operational activities.
The Onion Skin model
The key to maximum cybersecurity protection is to take a multi-layered approach with security embedded into every layer. With several levels of defence in place, organisations can be fully prepared for the wide variety of security breaches that are possible, as well as being future-proofed as attacks become more advanced. Protecting against human error and accidental leaks is also an integral part of this multi-layered approach.
At the core of the Onion Skin model is hardware; hardening the core of your cybersecurity is imperative to building a good cybersecurity model. Standards organisations such as the Trusted Computing Group (TCG) have set out to address the challenges that cybersecurity brings at every level. Every additional layer of cybersecurity is built on top of a strong hardware core to provide comprehensive cybersecurity that is able to defend against a multitude of attacks.
A critical solution that is currently available across the industry to ensure data and device protection is the Trusted Platform Module (TPM) – a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The TPM is an international standard for a secure cryptoprocessor which allows computer programs to authenticate devices, since each TPM chip has a unique and secret RSA key burned in as it is produced. Pushing the security down to the hardware level provides more protection than a software-only solution.
TPMs can be used in computing devices other than PCs, such as mobile phones or network equipment, and have been built into billions of devices worldwide. As a go-to solution for those looking to protect their embedded systems, a core feature of the TPM is the root of trust measurement. This means that a device can verify its own integrity and health by checking if any modifications have been made while it is off or not in use.
In addition to the root of trust measurement, encryption forms another layer of the Onion Skin model, and it is absolutely vital for devices to have self-encrypting memory and storage abilities.
A new research report on “Trusted Computing” published by Aberdeen Group, a Harte-Hanks Company (NYSE:HHS), reveals that organisations that have deployed applications based on trusted computing infrastructure exhibit superior capabilities in security governance, risk management and compliance compared to other respondents. The term “trusted computing” refers to applications that leverage hardware-based “roots of trust” at the edge of the network and at the endpoints – sometimes referred to as “hardware anchors in a sea of untrusted software” – for higher assurance.
TPMs are a basic building block used in most other specifications to provide an anchor of trust. They can be used for validating basic boot properties before allowing network access (TNC), for storing platform measurements (PC Client), or for providing self-measurement that gives hypervisors an anchor of trust (Virtualization).
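The measurement chain behind the integrity check and the stored platform measurements described above, as an added example that is not part of the original article and does not use a real TPM interface: a simplified software model of one SHA-256 platform register, with constructed stage names and images. It assumes the reported register value reaches the verifier authentically, which a real TPM provides through a signed quote.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 platform configuration register (PCR)

def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new value = SHA-256(old value || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def measure_boot(chain):
    """Measure each stage before it runs; return (final PCR, event log)."""
    pcr, log = bytes(PCR_SIZE), []  # PCR is all zeros after reset
    for name, image in chain:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def replay(log) -> bytes:
    """Recompute the PCR value a verifier expects from an event log."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def verify(reported_pcr: bytes, log, golden: dict) -> list:
    """Return a list of findings; an empty list means the boot is trusted."""
    findings = []
    # The log is only evidence if it reproduces the register value exactly.
    if not hmac.compare_digest(replay(log), reported_pcr):
        findings.append("event log does not replay to reported PCR")
    logged = dict(log)
    # Compare every logged or expected stage against known-good digests.
    for name in sorted(set(golden) | set(logged)):
        if name not in logged:
            findings.append(f"missing measurement: {name}")
        elif golden.get(name) != logged[name]:
            findings.append(f"unexpected measurement: {name}")
    return findings

# Constructed sample data: stage names and images are illustrative only.
CLEAN_CHAIN = [("firmware", b"fw v1"), ("bootloader", b"loader v1"),
               ("kernel", b"kernel v1")]
TAMPERED_CHAIN = [("firmware", b"fw v1"), ("bootloader", b"loader v1 (modified)"),
                  ("kernel", b"kernel v1")]
GOLDEN = dict(measure_boot(CLEAN_CHAIN)[1])  # reference digests, known-good boot

if __name__ == "__main__":
    pcr, log = measure_boot(TAMPERED_CHAIN)
    print(verify(pcr, log, GOLDEN))
```

Because each extend hashes the previous register value, a modified stage changes the final value and cannot be undone by later stages, and substituting a clean event log fails the replay check.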
The four principles of cybersecurity
For optimised protection against a cybersecurity attack, organisations should aim to achieve the following four principles by building a strong Onion Skin model:
- Confidentiality: The data is seen or used only by people who are authorised to access it.
- Integrity: Any changes to the data by an unauthorised user are either blocked or detected, and changes by authorised users are tracked.
- Availability: The platform must be available to authorised users when needed.
- Non-repudiation: The source of the data can be validated and verified.
Alongside these key principles, it is crucial that executives address the fact that they are responsible for driving the applications that this cybersecurity is built upon; without thorough cybersecurity education and policies, these extensive measures can easily be rendered irrelevant. Employees need to be made aware that they are responsible for their own data security and must take the necessary steps to ensure cybersecurity.