KG LEGAL \ INFO

Global trends of IT methods created by private providers of counteracting cyber-attacks (like Identity orchestration) – Change of Polish cybersecurity law important for foreign suppliers of IT equipment to the public sector and public utility institutions in Poland due to global threats

Identification of the hacking problem – study on the example of law firm clients providing cyber security solutions

Identification of the hacking problem

Based on the US Cybersecurity Trends Report (link to the online source at the end of the article), the hacking phenomenon shows an increase in cyber-attacks in 2019 and 2020. From the legal perspective, what is particularly interesting is the significant increase in recorded data loss events resulting from hacking activities, relative to the number of cases in the individual years of the 2015-2020 period. One of the studies in the report points to two specific moments over these years. The first took place in 2016-2017, when hacker attacks rose by nearly 2,000 breaches, but this was not matched by a proportional increase in lost data, which differs from the 2016 figure by about 1.5 million. In 2017 there was a slight increase in breaches but, more importantly, less data was lost. The second moment indicated by the experts took place in 2018-2019, when lost data rose drastically while breaches rose only slightly compared to 2018. We are thus seeing a drastic decrease in the number of breaches accompanied by a huge increase in lost data.

From the analysis of the report, a surprising conclusion can be drawn: data breaches by hackers are becoming less frequent than in previous years, but much more effective.

The report also shows annual global cybersecurity transactions and equity financing in 2016-2021. Here a huge projected increase in spending on cybersecurity can be observed compared to 2020; the projected increase is over $10 billion. Despite the increase in spending, the number of cybersecurity contracts has declined.

The report presents the share of global cybersecurity transactions in 2020 by country. The first thing that stands out is that the US holds over half of the global market and is thus becoming a sort of hegemon in the fight against hackers. China ranks second with 12%. Israel ranks third with a 10% share, a 4% increase compared to 2019; if this trend continues, it has a good chance of overtaking China. The report also shows the number of annual exits from the cybersecurity sector through mergers and acquisitions and stock market debuts. In 2016-2019 an upward trend can be noticed: from year to year, the number of exits increased by 100.

The report also shows the growth in the number of so-called megarounds (contracts worth over $100 million), which drives the increase in transaction volume.

All these increases in value have not gone unnoticed. A consequence of the development of the cybersecurity industry is the creation and growth of private companies. There are already over 30 companies in the world developing cybersecurity technologies whose value exceeds $1 billion. In Europe, for example, Acronis is such a company.

Almost 75% of cyber defenders are based in the United States, most of them in California. Second place, with almost 20% of cyber defenders, is Israel. Canada and Ireland each boast one “cyber defender” within their borders: in Canada it is the company “Isara”, and in Ireland “Tines”.

Methods of counteracting cyber attacks

Various methods of counteracting cyber-attacks can be distinguished. The most innovative ones are presented below:

“Identity orchestration”

This method is based on managing access to multicloud environments and enforcing least privilege.

Two companies specialize in this method: “Ermetic” and “STRATA”. It is worth remembering that companies operating both on-premise systems and multiple clouds lack a single, unified solution for managing identities and limiting access to data and systems. The report shows how often companies have dealt with a public cloud security incident: in almost all of the countries surveyed, the share exceeds 50%. Managing identity and access for every cloud and on-premises application is a problem, so startups of all kinds take up the challenge of unifying identities across the IT infrastructure. As for identity orchestration, Ermetic inventories identities and assets across multiple clouds; identifying risky permissions and behaviours across all cloud platforms and applying uniform rules can reduce the impact of cyber-attacks. “STRATA”, in turn, provides an abstraction layer for consolidating divergent identity management systems; by providing a single identity solution for on-premise applications and multicloud deployments, it helps reduce security risks.
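To make the identity orchestration idea concrete, the following is an added example written for this article; it is not code from the report or from Ermetic or STRATA. It normalizes permission exports from two differently shaped (constructed, non-vendor) cloud formats into one grant model and applies a single least-privilege rule set across both. The export schemas, identity names, role mapping and rules are all assumptions made for the example.

```python
"""Added example: inventory identities from two cloud exports and flag risky
grants under one uniform rule. Formats and names are constructed, not real vendor schemas."""
from dataclasses import dataclass

# Constructed sample exports. Cloud "A" uses IAM-style policy documents;
# cloud "B" uses flat role bindings.
CLOUD_A_EXPORT = {
    "identities": [
        {"name": "ci-deployer", "type": "service",
         "policies": [{"actions": ["storage:Get*", "storage:Put*"],
                       "resources": ["bucket/app-artifacts"]}]},
        {"name": "backup-job", "type": "service",
         "policies": [{"actions": ["storage:Delete*"], "resources": ["*"]}]},
        {"name": "legacy-admin", "type": "user",
         "policies": [{"actions": ["*"], "resources": ["*"]}]},
    ]
}
CLOUD_B_EXPORT = {
    "bindings": [
        {"member": "analyst@example.test", "role": "roles/viewer", "scope": "project/reports"},
        {"member": "svc-etl", "role": "roles/owner", "scope": "project/*"},
    ]
}

# Constructed mapping of cloud B's coarse roles onto the same action vocabulary as cloud A.
B_ROLE_ACTIONS = {"roles/viewer": ["*:Get*"], "roles/owner": ["*"]}


@dataclass(frozen=True)
class Grant:
    """One normalized permission: who may do what on which resource, in which cloud."""
    cloud: str
    identity: str
    action: str
    resource: str


def normalize_a(export):
    for ident in export["identities"]:
        for pol in ident["policies"]:
            for action in pol["actions"]:
                for res in pol["resources"]:
                    yield Grant("A", ident["name"], action, res)


def normalize_b(export):
    for b in export["bindings"]:
        for action in B_ROLE_ACTIONS.get(b["role"], [b["role"]]):
            yield Grant("B", b["member"], action, b["scope"])


def is_wildcard(resource):
    return resource == "*" or resource.endswith("/*")


def inventory():
    """The unified identity inventory across both clouds."""
    return list(normalize_a(CLOUD_A_EXPORT)) + list(normalize_b(CLOUD_B_EXPORT))


def risky_grants(grants):
    """Uniform rule applied regardless of cloud: a grant is risky when it allows
    every action, or a non-read action on every resource."""
    findings = []
    for g in grants:
        if g.action == "*":
            findings.append((g, "all actions"))
        elif is_wildcard(g.resource) and not g.action.lower().endswith("get*"):
            findings.append((g, "write on all resources"))
    return findings


if __name__ == "__main__":
    for grant, reason in risky_grants(inventory()):
        print(f"[{grant.cloud}] {grant.identity}: {grant.action} on {grant.resource} ({reason})")
```

The value of the normalization step is that the same two rules run over both clouds; in the sample, the cloud-B "owner" binding and the cloud-A wildcard user are flagged by the same check, and the backup job is caught for a delete right scoped to everything.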

“Data Firewalls”

This method consists in classifying, monitoring and controlling access to the enterprise’s most valuable data. Companies specializing in this protection include “Cyral” and “Open Raven”.

Companies face financial and reputational costs when their data is stolen by hackers or disclosed to the public. The report shows clearly that the 3 sectors that have the greatest problem with data theft or data leakage to the public are healthcare, energy and finance. 80% of data breaches contain customer identification information. In turn, 32% of data breaches concern intellectual property.

“Security Creds”

This method consists in meeting compliance standards and undergoing security audits. The companies “Vanta” and “Drata” specialize in this area.

The description of the methods in the report is guided by the rule that “a company is only as strong as its weakest partner”. In adapting to this new threat landscape, companies strive to differentiate themselves from the competition and win customers by displaying their security credentials. In order to demonstrate their cybersecurity posture and acquire customers, companies undergo audits in order to obtain security certificates.

“Outsourced Security”

It stands for putting cybersecurity into the hands of external contractors. Detection and response service providers often use artificial intelligence to help companies identify and respond to threats. Their view of all customers can provide a better understanding of the threat landscape. The companies “ActZero” and “Confluera” specialize in this method.

“SaaS Security”

This concept can be interpreted as securing a growing ecosystem of SaaS applications for enterprises. In recent years, companies from various industries have increasingly used SaaS applications, i.e. third-party software operating in the cloud. Managing and monitoring a growing network of applications presents a unique set of challenges. In 2020, the leading industry in the use of SaaS applications was Technology, with as many as 155 applications in use.

The use of SaaS applications comes with an obligation: organizations using them must develop a plan to manage and secure their growing application ecosystems, especially with regard to the users who have access to them. Emerging cybersecurity service providers are tackling this challenge by mapping corporate SaaS applications and implementing the necessary measures to secure the application ecosystem.

The above SaaS customer responsibilities include:

  1. Securing user access to the application
  2. Verification of the identity of logging in users
  3. Data / application integration

What steps does SaaS security take to protect the data of customers using the above-mentioned application ecosystem?

It does this in 3 ways.

  1. It has constant access to all SaaS ecosystems.
  2. It manages rights to SaaS applications.
  3. It monitors all activity within the limits of the SaaS application.

Companies specializing in SaaS protection are “AppOmni” and “Grip”. “AppOmni” monitors the SaaS application ecosystem for suspicious activity and manages user access to the data and the application itself. “Grip”, on the other hand, maps SaaS applications and monitors their use, helping to identify abuses and set permissions to reduce risk.

“Crypto defense”

This type of cyber protection focuses on protecting the integrity of blockchain transactions.

What is blockchain?

Blockchain is a technology that stores and transmits information about transactions concluded on the Internet. This information is arranged in the form of consecutive data blocks. One block contains information about a certain number of transactions; once it is full, another block of data is created, followed by the next and the next, creating a kind of chain. Information about various types of transactions, e.g. trading, buying or selling currencies, including cryptocurrencies, can be recorded there. The essence of blockchain operation is to maintain a joint and collective transaction ledger in digital form, distributed over the network in identical copies (more about blockchain technology at: https://www.lazarski.pl/pl/wydzialy-i-jednostki/instytuty/wydzial-ekonomii-i-zarzadzania/centrum-technologii-blockchain/co-to-jest-blockchain-i-jakie-moze-miec-znaczenie-z-punktu-widzenia-ekonomii/ ).

It has to be kept in mind that blockchain is not inherently secure. Although blockchain has features that support security and privacy (such as an immutable ledger), it is not immune to cyber-attacks. As evidence that blockchain technology is not secure by itself, more than $500 million was lost or stolen from decentralized finance (DeFi) projects in 2020.

Companies dealing with this type of protection are “valid.network” and “CERTIK”.

The first organization offers tools for detecting weaknesses in decentralized application code and monitors and controls transactions in real time. The latter, on the other hand, uses a formal verification method developed by scientists at Yale University to mathematically prove “the correctness of the program and its resistance to hackers.”

“Security-infused networks”

This method is understood as anti-hacker protection, mainly concerned with adding security to corporate networks.

Particularly in the environment of remote work, companies rely on reliable networks to enable safe transfer of information. Historically, these networks have been protected with numerous point solutions (e.g. VPNs, firewalls, cloud access security brokers), which can frustrate IT teams and employees.

Startups and technology companies implement cybersecurity in software-defined network solutions (e.g. SD-WAN). A unified security model delivered as a service reduces complexity and helps many businesses keep their cybersecurity protocols up to date.

Some examples of the above technology providers are “Twingate” and “Ananda”.

“Twingate” provides users with secure access to corporate applications. The company secures networks by offering built-in access control and keeping them invisible to the internet. In turn, “Ananda” offers a cloud-managed, secure global local area network (LAN). The company enables companies to create their own private networks with security features such as encryption, microsegmentation and granular access control.

“Cyber automation”

This concept covers the development of cybersecurity processes and the automation of workflows. In the context of this type of protection, attention should be paid to a significant problem. Cyber-attacks, alerts and vulnerabilities continue to grow while the supply of qualified cybersecurity specialists remains limited.

The solution to this problem is automation, which increases the capabilities of cybersecurity workers. Companies using defined cybersecurity and threat data workflows have automated cyber processes and integrated them with supporting systems such as Slack, Atlassian and SIEM (security information and event management). Automation of these processes significantly alleviates the problem of the small supply of qualified specialists. However, automation also carries risk, as what is automated can also be hacked.

In the context of this new risk, companies that specialize in protecting “cyber automation”, namely “Tines” and “Strike Ready”, can be named.

The former organization offers a code-less platform for automating workflow processes. It integrates with many enterprise technical tools (e.g. Okta, Slack). Tines can automate tasks such as responding to phishing (a fraud method in which a criminal impersonates another person or institution to obtain confidential information), enriching security reports and receiving alerts.

The second organization, “Strike Ready”, develops digital cyber awareness and response analytics to analyze and resolve security incidents. The company can help security teams be more efficient and effective by autonomously prioritizing alerts, conducting vulnerability testing, and responding to attacks.

“API protection”

This is an activity aimed at ensuring visibility into APIs in order to prevent malicious activity.

In the last few years, the use of application programming interfaces (APIs) has grown rapidly in all industries. This comes with security risks that require new safeguards. The threats related to APIs include:

  1. Code injection
  2. Broken authentication
  3. Excessive data exposure
  4. Lack of rate limiting.

Companies are emerging: some develop solutions to secure API development, including vulnerability testing and ensuring proper configuration, while others monitor and respond to API abuse such as code injection and unauthorized access.
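The four threats listed above are easiest to understand side by side in code. The following is an added example written for this article, not code from the report or from Noname or Traceable: one small user-lookup endpoint written first with all four weaknesses and then hardened (parameterized query, constant-time token check with no "missing token" bypass, an explicit list of fields returned, and a per-client rate limit). The database, users, token and client identifiers are constructed for the example, and the handler signature is an assumption standing in for a web framework.

```python
"""Added example: one API handler with the four listed weaknesses, and its hardened form.
All data (users, token, clients) is constructed; only the standard library is used."""
import hmac
import sqlite3
import time


def make_db():
    """In-memory table with constructed users; password hashes are placeholders."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, email TEXT, password_hash TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?,?,?,?)", [
        (1, "alice@example.test", "hash-a", "admin"),
        (2, "bob@example.test", "hash-b", "user"),
    ])
    return db


API_TOKEN = "constructed-token"  # constructed; a real service would store a hash of it


# --- Vulnerable handler: all four listed weaknesses --------------------------
def vulnerable_lookup(db, token, user_id):
    # 2. Broken authentication: a request with no token at all is let through.
    if token is not None and token != API_TOKEN:
        return []
    # 1. Code injection: the caller's value is spliced into the SQL text.
    rows = db.execute(f"SELECT * FROM users WHERE id = {user_id}").fetchall()
    # 3. Excessive data exposure: whole rows, password hash and role included.
    # 4. No rate limit: nothing stops a client from walking every id.
    return rows


# --- Hardened handler --------------------------------------------------------
class RateLimiter:
    """Fixed-window limiter: at most `limit` calls per `window` seconds per client."""

    def __init__(self, limit, window=60.0):
        self.limit, self.window, self.calls = limit, window, {}

    def allow(self, client, now=None):
        now = time.monotonic() if now is None else now
        start, n = self.calls.get(client, (now, 0))
        if now - start >= self.window:      # window expired: start counting again
            start, n = now, 0
        self.calls[client] = (start, n + 1)
        return n < self.limit


PUBLIC_FIELDS = ("id", "email")  # the only columns a caller may ever see


def hardened_lookup(db, token, user_id, client, limiter, now=None):
    if not limiter.allow(client, now):                      # 4. usage limit, even for bad tokens
        return {"error": "rate limited"}
    if not isinstance(token, str) or not hmac.compare_digest(token, API_TOKEN):
        return {"error": "unauthorized"}                    # 2. no bypass, constant-time compare
    try:
        uid = int(user_id)                                  # 1. strict type before it reaches SQL
    except (TypeError, ValueError):
        return {"error": "bad id"}
    row = db.execute("SELECT id, email FROM users WHERE id = ?", (uid,)).fetchone()
    if row is None:
        return {"error": "not found"}
    return dict(zip(PUBLIC_FIELDS, row))                    # 3. explicit allow-list of fields


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", vulnerable_lookup(db, None, "1 OR 1=1"))
    lim = RateLimiter(limit=2)
    print("hardened:", hardened_lookup(db, API_TOKEN, "1 OR 1=1", "c1", lim))
    print("hardened:", hardened_lookup(db, API_TOKEN, "1", "c1", lim))
```

Two design points worth noting: the rate limiter runs before authentication so that unauthenticated probing is throttled too, and the response is built from an explicit field list rather than by removing sensitive columns, so a column added to the table later is not exposed by default.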

In the context of this protection, the companies “Noname” and “Traceable” can be mentioned.

Traceable discovers, secures and monitors APIs. Its product protects against known threats (e.g. SQL injection, cross-site scripting) and also provides visibility into API activity to identify, investigate and resolve threats.

Noname, on the other hand, offers a suite of API security tools. The API security platform can locate corporate APIs, identify suspicious activity, and block attacks in real time. It can also test the integrity of APIs before production.

“Cyber insurance”

It consists in cyber risk management and financial coverage of cyber costs.

Over the past 3 years, the impact of hacking on an affected company has become increasingly costly. Experts cited in the analysed report estimate that the theft of 10 million records could cost a company $100 million.

The above problem has created a niche that is being efficiently filled by companies offering risk analysis tools and by insurers trying to solve the main challenges hampering market development, i.e. the lack of historical data on which to base risk models and the possibility of incurring significant losses.

The organizations “Cowbell Cyber” and “CyberCube” specialize in this field.

The former uses data analytics and cybersecurity monitoring to offer cyber insurance. When defining coverage, the company takes into account factors such as cybersecurity posture and knowledge of the so-called “dark web”. It also offers services such as cyber awareness training to reduce a company’s cyber risk.

The activity of the second organization consists in providing insurance companies with cybersecurity analysis and data enabling the determination of insurance risk. By compiling cybersecurity datasets and developing risk models, CyberCube provides insight into the development of cybersecurity insurance products.

“Shift left security”

This type of protection is dedicated to reducing vulnerabilities at the application development stage.

When it comes to software development, security considerations are often the last step before going live. Building software without security considerations can at best lead to delays and inefficiencies, and at worst, create serious security holes.

There are many points in the software lifecycle at which security measures can be added, which can reduce the likelihood of security vulnerabilities and the time it takes to deploy more secure applications. Specialized companies have been established that approach these points of software development with solutions that reduce risk.

These organizations include, among others, “Cycode” and “BluBracket”.

The “Cycode” company secures the software development process from source code to cloud configuration. The company provides tools such as code fingerprinting, misconfiguration scanning and enforcement of security policies to reduce security risks in the software life cycle.

The second organization, “BluBracket”, protects software code by assessing its risk and tracking its usage. By tracking sensitive code, highlighting misconfigurations and scanning code repositories for threats such as embedded secrets or multiple owners, BluBracket brings security into the software development process.
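Scanning repositories for embedded secrets is one of the shift-left checks mentioned above. The following is an added example written for this article, not code from Cycode or BluBracket: a small pre-commit-style scanner that flags secrets in source text before it is committed, using two public key formats (an AWS access key id prefix and a PEM private key header) plus a Shannon-entropy check on values assigned to credential-looking variable names. The file contents and the entropy threshold are constructed assumptions.

```python
"""Added example: flag embedded secrets in source files before they reach a repository.
Sample files are constructed; the patterns are public formats, the threshold is a guess."""
import math
import re

# Constructed repository snapshot: path -> file content.
SAMPLE_FILES = {
    "config.py": 'DB_HOST = "db.internal"\nAWS_KEY = "AKIAEXAMPLEKEY000001"\n',
    "deploy.sh": 'echo starting\nexport API_SECRET="k8Zp2QvL9wXr4TnB7yHs3JdM"\n',
    "README.md": "Run `make test` before pushing.\n",
    "id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n",
}

# Fixed-format patterns: an AWS access key id (AKIA + 16 uppercase alphanumerics)
# and any PEM private key header.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# A quoted literal of 16+ characters assigned to a credential-looking name.
ASSIGNMENT = re.compile(r"(?i)(secret|token|password|api[_-]?key)\w*\s*=\s*[\"']([^\"']{16,})[\"']")


def shannon_entropy(s):
    """Bits per character; random-looking credentials score high, words score low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_text(path, text, entropy_threshold=3.5):
    """Return (path, line number, finding type) for every hit in one file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((path, lineno, name))
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(2)) >= entropy_threshold:
            findings.append((path, lineno, "high-entropy-credential"))
    return findings


def scan_files(files):
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


if __name__ == "__main__":
    for path, lineno, kind in scan_files(SAMPLE_FILES):
        print(f"{path}:{lineno}: {kind}")
```

Run as a pre-commit hook, a non-empty result would block the commit; the entropy rule catches generic tokens that have no fixed prefix, at the cost of needing a tuned threshold and an allow-list for test fixtures.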

“Secure data sharing”

This is an activity to protect the privacy of data shared with third parties or used for analysis.

In order to make use of existing data (e.g. to identify new medical treatments, analyse customer personal information in retail, etc.), companies may seek to share, aggregate and analyze sensitive information, which may be a potential target for hackers. The protection offered by encrypting data has historically come at the expense of analysis and collaboration. However, new techniques have been developed to increase the usability of data while maintaining its security.

Privacy-preserving computation (PPC) covers the following techniques:

  1. Trusted execution environments
  2. Homomorphic encryption
  3. Differential privacy
  4. Secure multiparty computation
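The last technique in the list is the easiest to show end to end. The following is an added example written for this article, not code from the report or from Cape Privacy or TripleBlind: additive secret sharing, the simplest building block of secure multiparty computation. Three hospitals (constructed) learn their combined patient count while no single party, and no aggregator, ever sees another hospital's individual number. The prime modulus and the party count are assumptions made for the example.

```python
"""Added example: additive secret sharing for a private sum (secure multiparty computation).
Party values are constructed; the modulus is a Mersenne prime chosen for the example."""
import secrets

PRIME = 2**61 - 1  # all shares live in the integers modulo this prime


def share(value, n_parties):
    """Split `value` into n shares that sum to it mod PRIME.
    The first n-1 shares are uniformly random, so any n-1 of them reveal nothing."""
    shares = [secrets.randbelow(PRIME) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares


def reconstruct(shares):
    """Only the holder of every share can recover the value."""
    return sum(shares) % PRIME


def private_sum(values):
    """Protocol: party i splits its value and sends share j to party j; each party
    adds up everything it received (a subtotal that is itself random); the subtotals
    are then combined. Only the total is revealed, never any input."""
    n = len(values)
    all_shares = [share(v, n) for v in values]      # all_shares[i][j]: party i's share for party j
    subtotals = [sum(all_shares[i][j] for i in range(n)) % PRIME for j in range(n)]
    return reconstruct(subtotals)


HOSPITAL_COUNTS = [1200, 850, 430]  # constructed; each number stays with its owner


if __name__ == "__main__":
    print("shares of 1200:", share(1200, 3))
    print("combined count:", private_sum(HOSPITAL_COUNTS))
```

Addition is the only operation needed for a sum, which is why this scheme is so cheap; products require an extra interactive step, and that gap is what the commercial platforms above build on.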

Examples of organizations specializing in the above-mentioned activities are “Cape Privacy” and “TripleBlind”.

Cape Privacy enables scientists to share and work with encrypted data. The product allows organizations to train AI models on encrypted data so that they can be shared without compromising privacy and security.

“TripleBlind” provides a solution for sharing and analyzing encrypted data. The platform offered by this organization allows companies to encrypt their data and algorithms to support secure data analysis and sharing.

“Auto security”

This type of cyber-protection is about defending connected vehicles against wireless and proximity attacks. Modern technologically advanced vehicles not only have access to the Internet, but also very often store various types of data. As a result, vehicles are becoming data centers on wheels that open up new opportunities for hackers.

Organizations that protect such vehicles against cyber-attacks are, for example, “Upstream” and “C2A”.

The first organization monitors vehicles to identify and respond to cyber-attacks and abuse. The company’s platform analyzes automotive data to detect and respond to cyber threats. The second organization, on the other hand, provides a tool to monitor the vehicle’s internal systems.

The company’s goal is to support car suppliers and manufacturers by offering security capabilities that identify attacks on vehicle systems (e.g. powertrain, ADAS).

“Post-quantum cryptography”

The above can be understood as:

  1. Lattice-based cryptography – based on abstract mathematical structures (lattices).
  2. Code-based cryptography – uses error-correcting codes, which allow the transmitted data to be checked for errors and corrected in real time.
  3. Multivariate cryptography – based on solving systems of multivariate equations. These equations are difficult to solve by brute force.

This type of protection is worked out, among others, by “ISARA” and “QuSecure”.

Isara offers tools to protect against future quantum attacks. In particular, “Isara” allows companies to view and manage their cryptographic assets and infrastructure with a single tool that can support the transition to quantum-safe algorithms.

On the other hand, “QuSecure” also provides solutions to avoid attacks using quantum computing by using quantum-safe algorithms. “QuSecure” provides solutions for key management and data security at rest.

Amendment of the Polish Act on Cybersecurity

The ongoing revolution of tools to combat cyber-attacks causes changes in cybersecurity law in such a way as to create legal instruments for public institutions to define legal rules for assessing which activities on data are illegal and, consequently, qualified as hacking. In addition, national regulations on IT service providers provide an opportunity to specify the criteria for cooperation between entities providing solutions in this respect.

A good example of such a law-making reaction is the amendment to the Polish act on cybersecurity. The most important change introduced by the amendment to the Cybersecurity Act is the introduction of non-technical supplier assessment criteria, such as a criterion aimed at analyzing a given supplier in order to check whether this supplier is under the control of a country outside the EU or NATO or not. If, in relation to a given supplier, a high risk of remaining under the above-mentioned control is detected, such supplier is excluded from procurements. The following changes in the Polish law from the perspective of cybersecurity regulations also include:

– rebuilding the cooperation model within the national cybersecurity system. Sectoral cybersecurity teams and cybersecurity service providers will be replaced by sectoral CSIRTs and SOCs (security operations centres), respectively, with only slightly changed tasks.

– the addition of a new type of entity – ISAC – which is to allow small and specialized entities to join the national cybersecurity system.

– strengthening the position of the government representative responsible for cyber security by providing him with specific powers in the field of issuing critical incident warnings together with the recommendation of specific behaviors. The said government representative will also be able to issue recommendations aimed at strengthening the level of cybersecurity of information systems of the entities of the national cybersecurity system. In turn, these entities will be required to take into account these recommendations during the risk management process. It will be up to these entities to decide whether to follow these recommendations.

– the establishment of the Polish National Cybersecurity Certification System under which cybersecurity certificates will be issued.

– The minister responsible for computerization will prepare programs on the basis of which it will be possible to conduct certification. Ultimately, these programs will be adopted by ordinance of the Council of Ministers.

– The supervisory authority will audit entities belonging to the national cybersecurity certification system. In the scope of certificates referring to the “high” trust level, it will also approve each issued certificate. This solution is intended to be a guarantee that the assessment of compliance to the highest level of security will be carried out in accordance with the best standards in this field.

– Defining procedures for accreditation of conformity assessment bodies and procedures for issuing certificates.

– Defining the obligations of the entities of the national cybersecurity certification system.

Legislation process of Polish Cyber Security Act:

https://legislacja.rcl.gov.pl/projekt/12337950/katalog/12716624#12716624

Draft amendment to the Act with justification:

https://legislacja.rcl.gov.pl/docs//2/12337950/12716624/12716625/dokument493122.pdf

Link to the website where the analysed Report can be downloaded: https://www.cbinsights.com/research/report/cyber-defenders-2021/
