On May 18, Panda Security will be holding the Panda Security Summit in Madrid, Spain. The aim of this year’s event will be to offer attendees a clear and objective view of the current cybersecurity environment. As such, we will be helping to shed light on a panorama that is intrinsically complex due to its many dimensions and focus on the three structural elements –the virtual world, businesses, and governments– upon which the summit will be focused.
The so-called virtual world, cyberspace, is where practically all our professional lives along with many personal activities take place, and it is also where attacks occur. The main question then is why are we attacked in cyberspace? The prime motive is purely and simply financial, and the essential source of financial gain in this context is the information we have: the data. So why attack in this environment? The virtual world is software-based and software is vulnerable. Cyberattacks are quick and relatively cheap compared to attacks in the real, physical world. This combines with the fact that existing laws against cybercrime are ineffective. Such laws are evolving gradually, though the problem of attributing responsibility persists as, if the culprit cannot be identified, if there is no evidence left, it is as if there is no crime. And as we all know, in cyberspace it is relatively simple for a well-prepared criminal network to leave no trace.
The second element to consider is businesses. More companies than ever have core businesses that are service-based, and this translates into a huge number of bits of information, a very attractive target for cybercriminals.
Finally, governments will become a crucial element in the near future in terms of security. It is not by chance that in the United States, China or Russia there are technology companies that cover all layers of our digital activity, since these make up the backbone of today’s economy. In this scenario, Europe is lagging behind. Similarly, we are witnessing how a new cyberwar is being waged, and is probably the only war able to transfer wealth from one state to another. The states are main players in this war: they have the means, the motives, and the opportunity.
It is evident that in the coming months, these developments in cybercrime will come thick and fast. Attacks will go further because the people behind them are learning rapidly and the tools available to them are also more sophisticated. All the players involved in security in one way or another need to bear in mind that the preventive measures we have taken so far, based on detecting an attack as quickly as possible, are not infallible and take too long in a mobile and aggressive environment developing faster than our defenses.
The cybersecurity triangle
At Panda we take a holistic view of advanced cybersecurity. This view can be framed as a triangle around which we work to ensure security, with the following vertices:
The attack surface has grown exponentially. The transformation to a digital society involves more and more software and more data, and as there are an infinite amount of vulnerable points, complete protection by means of product is now impossible. Such security requires additional people to validate and examine what the products are not able to detect or to arbitrate when two products offer different diagnoses.
So, security for us consists of collecting all the relevant data concerning the behavior of a program, run by a person. This vision clashes directly with the more traditional perspective of using barriers to prevent cyberattacks. The truth is that today all barriers can be penetrated because software is vulnerable. There is no balance between the investment made in security and the probability of an attack and its impact. So there are companies spending vast sums on security that could still have poor protection. This is because the investment is not really focused on securing the devices that contain the valuable assets that need protection: the endpoints.
During the Summit we will be discussing this and other current and future approaches to cybersecurity, analyzing where technology is today, where it will be tomorrow and precisely what all players should do in order to be protected. In the knowledge that threats are evolving faster and the number of attack vectors growing, can you afford to miss the Panda Security Summit?
Panda Security President