A new frontier for the digital leadership of intelligent organizations: Cyber resilience

Today, organizations are fully digital. This is a matter of fact and quite evident to everybody, but the scope of this phenomenon was not the same three years ago and it will be significantly different in three years. User-generated content is booming – by 2020 it will reach 2.6 zettabytes (ZB) of internet traffic, more than quadrupling since 2015 – and business generated content is also growing – up to 1.7 ZB in 2020, more than tripling since 2015. We will see a continuous exponential growth of these numbers in the next decade, from both the consumer and business sides.

Such huge amounts of generated data, internet traffic, and connected devices are possible thanks to the development of two fundamental technologies:

• cloud (access, computing, storage), which is helping organizations reduce costs, accelerate new business development, transform their processes and adapt more quickly to changing customer needs
• broadband communication systems, which are making it possible to exchange huge amounts of data in almost real time, bringing “intelligence” to the edge, and allowing for new applications to be developed.

If we combine these two innovation streams with the advancements in the mobile industry (through miniaturization and advanced sensors), in computing (embedded and high performance), in robotics, augmented reality, and artificial intelligence, then it becomes evident how large the technology footprint of the digital infrastructure that organizations use every day, both directly and indirectly, really is.

This is the internet of systems, where ICT technologies are the foundation and the enabling factor. Digital transformation is based on these new intelligent distributed systems, the “cyber-physical” systems that are pervasive. All the major modernization projects taking place in banking, insurance, health, industry, and, in large urban infrastructures, will lead us to unprecedented improvements but they do imply new cyber risks and vulnerabilities. Therefore, the services and applications that are delivered through such digital infrastructures are subject to the threats and vulnerabilities of every component of the system. The result is an ever-larger attack surface: managing the related cyber risk is the key to achieve digital leadership.

We have already commented on the interconnectedness of digital organizations, where every process (manufacturing, logistics, procurement, etc.) is integrated with suppliers’ and customers’ assets. For this reason, threat actors are likely to exploit supply chains and their weakest link to conduct their attacks, which, in turn, will not only be targeting personal and company data, but operational technologies (such as SCADA systems and industrial control systems, or ICS) as well, with the potential to disrupt critical infrastructures and the business of small, medium, and large enterprises – if not entire sectors.

So, what is the typical trait of a cyber-resilient organization? Obviously, there is no short answer. At Capgemini, we work with customers in all sectors to jointly design and implement their cybersecurity strategy and capability development roadmap.

A key success factor to achieve cyber-resilience is the ability to anticipate threats before they can impact the organization, dynamically shaping the security posture to reduce risk while optimizing real-time resource availability and ensuring that the business is safe and employees as well as customers can live a secure and qualitative digital experience.

All these functionalities are enabled by Capgemini cybersecurity services, which are built on our international network of next-generation security operation centers, and our people, cyber-intelligence analysts and cybersecurity experts. Moreover, with the recent Leidos Cyber-acquisition, we have strengthened our position on threat intelligence with new technologies and algorithms that are used to protect critical and defense industries.

Through Capgemini’s Threat Intelligence Platform, our analysts are able to combine granular, continuously updated information about cyber threats with rigor, using AI, analytics, and automation. Threat intelligence is natively integrated with our SOC infrastructure and incident prevention processes: Capgemini Security Operation Centers detect threats quickly and accurately and deliver early warnings, alerts, and recommended actions for IT and end users, in order to respond effectively and prevent successfully attacks.

Our Managed Security Services allow customers to significantly improve their SOC and computer emergency response team, through

• Complete, accurate, up-to-date, and specialized threat intelligence
• Brand, asset, and credential monitoring
• Indicators of compromise and adversary identification
• New vulnerabilities identification within the customers’ technology stack

Our solid knowledge of our customers’ business allows Capgemini to develop bespoke service solutions and procedures to properly define the cyber risk, its economic impact, and wisely allocate investments.

Risk management and security orchestration, automation, and response (SOAR) are two interconnected key functionalities that need to be based on integrated holistic methodologies for combined information security (business, logical, physical, IT and industrial). The combination of security governance and SOAR technologies will enable fast, informed, and effective decision making to reduce operational costs, improve resilience, and enable the business. Through the years, Capgemini has developed a unique datalake of cyber threats, vulnerabilities, and attackers’ profiles and techniques. This datalake is continuously growing thanks to our threat intelligence platform, enabling the best customer protection experience through our managed security service portfolio.

With a global web of SOCs and research labs, and presence in over 200 countries, we can deliver the highest level of service, skills, and managed services the digital organizations deserve, anywhere in the world.

For more details on how we can help your organization, please reach out to me.

The article was drafted by Alessandro Menna.