IT security starts with knowing your assets: Europe, the Middle East, and Africa
Nations in Europe, the Middle East, and Africa are taking note: the European Commission plans to build a Joint Cyber Unit to tackle large-scale cyberattacks. The government of Saudi Arabia launched the National Cybersecurity Authority to enhance the country’s cybersecurity posture. And the African Union has identified cybersecurity as part of its Agenda 2063 for transforming Africa.
To explore the challenges facing today’s cybersecurity teams and the strategies they must embrace to protect the attack surface—the sum of points an unauthorized user can use to gain access to an organization’s systems—MIT Technology Review Insights and Palo Alto Networks conducted a survey of 728 business leaders. The survey was global, with 38% of respondents from Europe and 13% from the Middle East and Africa. Their responses, along with the input of industry experts, provide a solid framework for safeguarding against a growing battalion of bad actors and fast-moving threats.
But organizations themselves can also take critical steps to better understand where attacker entry points are in their information technology (IT) environments in a smart, data-driven manner.
The vulnerabilities of a cloud environment
The cloud continues to play a critical role in accelerating digital transformation. And for good reason: cloud offers solid benefits, such as increased flexibility, cost savings, and greater scalability. Yet cloud-based environments account for 79% of observed exposures, compared with 21% for on-premises assets, according to the “2021 Cortex Xpanse Attack Surface Threat Report.”
That’s concerning, given that 53% of survey respondents in Europe, and 48% of those in the Middle East and Africa, report that more than half of their assets are in the cloud.
“Many companies started their journey to the cloud because it made sense,” says Amitabh Singh, chief technology officer for Europe, the Middle East and Africa at Cortex, Palo Alto Networks’ security operations platform division. But there are pitfalls, too, he says.
“With the cloud, the high wall around organizations’ core assets and infrastructure has melted away. As a result, some of the assets companies thought were secure may be exposed to vulnerabilities.”
Certainly, there are technologies that can bolster cloud security. But Singh says many organizations in Europe have been slow to adopt more innovative tools. “I still see companies struggling with old antivirus and anti-malware platforms,” he says.
Remote work has also contributed to increasing cybersecurity risks for cloud environments. Remote workers rely on the cloud to do their jobs, whether it’s corresponding with co-workers, collaborating on projects, or getting on video conferencing calls with clients. And when IT, now at a physical remove, is not responsive to their needs, remote workers can easily shop for their own online solutions to problems. It’s what’s known as shadow IT: it bypasses normal cybersecurity practices—and opens up a world of worry for IT teams.
Just ask Chris Sandford, director of industrial cybersecurity services at Applied Risk, an industrial cybersecurity consultancy in the Netherlands. Sandford says while work-from-home arrangements have long been common in Northern Europe, “there are many companies that weren’t ready for remote work and its associated challenges and vulnerabilities” when the 2020 coronavirus pandemic forced many employees to work from home. Case in point: the majority (53%) of respondents in Europe, and 35% in the Middle East and Africa, say they have experienced a cybersecurity attack originating from an unknown, unmanaged, or poorly managed digital asset.
Sandford provides the hypothetical example of an employee who uses an unsecured cloud server to access business applications without the necessary authentication or authorization measures in place. “How do you know someone’s not backtracking from that cloud back into your own network?” he asks. “There’s very limited visibility or understanding of that cloud service.”
A powerful action plan
Fortunately, there are steps organizations in Europe, the Middle East, and Africa can take to minimize exposure to cybersecurity threats and gain control of their cloud environments. Most survey respondents in Europe (70%) and the Middle East and Africa (89%) rely on continuous asset monitoring technology for protection. Long gone are the days when companies could take an ad hoc approach to identifying security risks.
“In the good old days, when we were managing vulnerabilities, we used to scan our infrastructure on a regular basis, find the vulnerabilities, and then patch them,” says Singh. “Now, we don’t have the luxury of time. If there are vulnerabilities, and we don’t manage them almost on an instantaneous basis, bad actors can exploit them.”
This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.
Fostering innovation through a culture of curiosity
And so I think a big part of it as a company, by setting these ambitious goals, it forces us to say if we want to be number one, if we want to be top tier in these areas, if we want to continue to generate results, how do we get there using technology? And so that really forces us to throw away our assumptions because you can’t follow somebody, if you want to be number one you can’t follow someone to become number one. And so we understand that the path to get there, it’s through, of course, technology and the software and the enablement and the investment, but it really is by becoming goal-oriented. And if we look at these examples of how do we create the infrastructure on the technology side to support these ambitious goals, we ourselves have to be ambitious in turn because if we bring a solution that’s also a me too, that’s a copycat, that doesn’t have differentiation, that’s not going to propel us, for example, to be a top 10 supply chain. It just doesn’t pass muster.
So I think at the top level, it starts with the business ambition. And then from there we can organize ourselves at the intersection of the business ambition and the technology trends to have those very rich discussions and being the glue of how do we put together so many moving pieces because we’re constantly scanning the technology landscape for new advancing and emerging technologies that can come in and be a part of achieving that mission. And so that’s how we set it up on the process side. As an example, I think one of the things, and it’s also innovation, but it doesn’t get talked about as much, but for the community out there, I think it’s going to be very relevant is, how do we stay on top of the data sovereignty questions and data localization? There’s a lot of work that needs to go into rethinking what your cloud, private, public, edge, on-premise look like going forward so that we can remain cutting edge and competitive in each of our markets while meeting the increasing guidance that we’re getting from countries and regulatory agencies about data localization and data sovereignty.
And so in our case, as a global company that’s listed in Hong Kong and we operate all around the world, we’ve had to really think deeply about the architecture of our solutions and apply innovation in how we can architect for a longer term growth, but in a world that’s increasingly uncertain. So I think there’s a lot of drivers in some sense, which is our corporate aspirations, our operating environment, which has continued to have a lot of uncertainty, and that really forces us to take a very sharp lens on what cutting edge looks like. And it’s not always the bright and shiny technology. Cutting edge could mean going to the executive committee and saying, Hey, we’re going to face a challenge about compliance. Here’s the innovation we’re bringing about architecture so that we can handle not just the next country or regulatory regime that we have to comply with, but the next 10, the next 50.
Laurel: Well, and to follow up with a bit more of a specific example, how does R&D help improve manufacturing in the software supply chain as well as emerging technologies like artificial intelligence and the industrial metaverse?
Art: Oh, I love this one because this is the perfect example of there’s a lot happening in the technology industry and there’s so much back to the earlier point of applied curiosity and how we can try this. So specifically around artificial intelligence and industrial metaverse, I think those go really well together with what are Lenovo’s natural strengths. Our heritage is as a leading global manufacturer, and now we’re looking to also transition to services-led, but applying AI and technologies like the metaverse to our factories. I think it’s almost easier to talk about the inverse, Laurel, which is if we… Because, and I remember very clearly we’ve mapped this out, there’s no area within the supply chain and manufacturing that is not touched by these areas. If I think about an example, actually, it’s very timely that we’re having this discussion. Lenovo was recognized just a few weeks ago at the World Economic Forum as part of the global lighthouse network on leading manufacturing.
And that’s based very much on applying around AI and metaverse technologies and embedding them into every aspect of what we do about our own supply chain and manufacturing network. And so if I pick a couple of examples on the quality side within the factory, we’ve implemented a combination of digital twin technology around how we can design to cost, design to quality in ways that are much faster than before, where we can prototype in the digital world where it’s faster and lower cost and correcting errors is more upfront and timely. So we are able to much more quickly iterate on our products. We’re able to have better quality. We’ve taken advanced computer vision so that we’re able to identify quality defects earlier on. We’re able to implement technologies around the industrial metaverse so that we can train our factory workers more effectively and better using aspects of AR and VR.
And we’re also able to, one of the really important parts of running an effective manufacturing operation is actually production planning, because there’s so many thousands of parts that are coming in, and I think everyone who’s listening knows how much uncertainty and volatility there have been in supply chains. So how do you take such a multi-thousand dimensional planning problem and optimize that? Those are things where we apply smart production planning models to keep our factories fully running so that we can meet our customer delivery dates. So I don’t want to drone on, but I think literally the answer was: there is no place, if you think about logistics, planning, production, scheduling, shipping, where we didn’t find AI and metaverse use cases that were able to significantly enhance the way we run our operations. And again, we’re doing this internally and that’s why we’re very proud that the World Economic Forum recognized us as a global lighthouse network manufacturing member.
Laurel: It’s certainly important, especially when we’re bringing together computing and IT environments in this increasing complexity. So as businesses continue to transform and accelerate their transformations, how do you build resiliency throughout Lenovo? Because that is certainly another foundational characteristic that is so necessary.
The Download: covid’s origin drama, and TikTok’s uncertain future
This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology.
Newly revealed coronavirus data has reignited a debate over the virus’s origins
This week, we’ve seen the resurgence of a debate that has been swirling since the start of the pandemic—where did the virus that causes covid-19 come from?
For the most part, scientists have maintained that the virus probably jumped from an animal to a human at the Huanan Seafood Market in Wuhan at some point in late 2019. But some claim that the virus leaped from humans to animals, rather than the other way around. And many continue to claim that the virus somehow leaked from a nearby laboratory that was studying coronaviruses in bats.
Data collected in 2020—and kept from public view since then—potentially adds weight to the animal theory. It highlights a potential suspect: the raccoon dog. But exactly how much weight it adds depends on who you ask. Read the full story.
This story is from The Checkup, Jessica’s weekly biotech newsletter.
Read more of MIT Technology Review’s covid reporting:
+ Our senior biotech editor Antonio Regalado investigated the origins of the coronavirus behind covid-19 in his five-part podcast series Curious Coincidence.
+ Meet the scientist at the center of the covid lab leak controversy. Shi Zhengli has spent years at the Wuhan Institute of Virology researching coronaviruses that live in bats. Her work has come under fire as the world tries to understand where covid-19 came from. Read the full story.
+ This scientist now believes covid started in Wuhan’s wet market. Here’s why. Michael Worobey of the University of Arizona believes that a spillover of the virus from animals at the Huanan Seafood Market was almost certainly behind the origin of the pandemic. Read the full story.
I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology.
1 TikTok’s future in the US is hanging in the balance
Banning it is a colossal challenge, and officials still lack the legal authority to do so. (WP $)
+ TikTok CEO Shou Zi Chew was grilled by a congressional committee. (FT $)
+ He told lawmakers the company would earn their trust. (WSJ $)
+ Meanwhile, TikTok paid for influencers to travel to DC to lobby its cause. (Wired $)
2 A crypto fugitive has been arrested in Montenegro
Do Kwon has been on the run since TerraUSD stablecoin collapsed last year. (WSJ $)
+ Want to mine Bitcoin? Get yourself to Texas. (Reuters)
+ What’s next for crypto. (MIT Technology Review)
3 Twitter’s getting rid of its legacy blue checks
On the entirely serious date of April 1. (The Verge)
+ The platform’s still an unattractive prospect for advertisers. (Vox)
4 Chatbots are having tough conversations for us
ChatGPT is adept at writing scripts for sensitive talks with kids and colleagues. (NYT $)
+ OpenAI has given ChatGPT access to the web’s live data. (The Verge)
+ How Character.AI became a billion-dollar unicorn. (WSJ $)
+ The inside story of how ChatGPT was built from the people who made it. (MIT Technology Review)
5 Jack Dorsey’s Block has been accused of fraudulent transactions
The payments company denied it, and claims it inflated its user numbers, too. (FT $)
+ Dorsey doesn’t have a track record of caring about this kind of thing. (The Information $)
6 Homeowners associations are secretly installing surveillance systems
The system tracks license plates and follows residents’ movements. (The Intercept)
7 Inside the tricky ethics of using DNA to solve crimes
A new database could help to protect users’ privacy. (Wired $)
+ The citizen scientist who finds killers from her couch. (MIT Technology Review)
8 There are plenty of reasons to be optimistic about the climate
Healthier, more sustainable diets are a good place to start. (Scientific American)
+ Taking stock of our climate past, present, and future. (MIT Technology Review)
9 TikTok keeps hectoring us
It seems we just can’t get enough of being aggressively told what to do. (Vox)
10 Don’t get scammed by a deepfake
CallerID can’t be trusted to protect you from rogue AI calls. (Gizmodo)
Quote of the day
“Wait, I need content.”
—TikTok fashion creator Kristine Thompson refuses to miss a content opportunity during a trip to the US Capitol to lobby against a potential TikTok ban, she tells the New York Times.
The big story
This sci-fi blockchain game could help create a metaverse that no one owns
Dark Forest is a vast universe, and most of it is shrouded in darkness. Your mission, should you choose to accept it, is to venture into the unknown, avoid being destroyed by opposing players who may be lurking in the dark, and build an empire of the planets you discover and can make your own.
But while the video game seemingly looks and plays much like other online strategy games, it doesn’t rely on the servers running other popular online strategy games. And it may point to something even more profound: the possibility of a metaverse that isn’t owned by a big tech company. Read the full story.
We can still have nice things
A place for comfort, fun and distraction in these weird times. (Got any ideas? Drop me a line or tweet ’em at me.)
+ If underwater terrors are your thing, Joe Romiero takes some seriously impressive shark pictures and videos.
+ Try as it might, Ted Lasso’s British dialog falls wide of the mark.
+ Let’s have a good old snoop around some celebrities’ bedrooms.
+ Why we can’t get enough of those fancy candles.
+ Interviewing animals with a tiny microphone, it doesn’t get much better than that.
Taking stock of our climate past, present, and future
Before you say anything, I do know that it is, in fact, nearly April. But this week has the distinct feeling of a sort of climate change New Year’s to me. Not only is it the spring equinox this week, which is celebrated as the new year in some cultures (Happy Nowruz!), but we also saw a big UN climate report drop on Monday, which has me in a very contemplative mood.
The report comes from the UN Intergovernmental Panel on Climate Change (IPCC), a group of scientists that releases reports about the state of climate change research.
The IPCC works in seven-year cycles, give or take. Each cycle, the group looks at all the published literature on climate change and puts together a handful of reports on different topics, leading up to a synthesis report that sums it all up. This week’s release was one of those synthesis reports. It follows one from 2014, and we should see another one around 2030.
Because these reports are a sort of summary of existing research, I’ve been thinking about this moment as a time to reflect. So for the newsletter this week, I thought we could get in the new year’s spirit and take a look at where we’ve come from, where we are, and where we’re going on climate change.
Climate past: 2014
Let’s start in 2014. The concentration of carbon dioxide in the atmosphere was just under 400 parts per million. The song “Happy” by Pharrell Williams was driving me slowly insane. And in November, the IPCC released its fifth synthesis report.
Some bits of the 2014 IPCC synthesis report feel familiar. Its authors clearly laid out the case that human activity was causing climate change, adaptation wasn’t going to cut it, and the world would need to take action to limit greenhouse-gas emissions. I saw all those same lines in this year’s report.
But there are also striking differences.
First, we were in a different place politically. World leaders hadn’t yet signed the Paris agreement, the landmark treaty that set a goal to limit global warming to 2 °C (3.6 °F) above preindustrial levels, with a target of 1.5 °C (2.7 °F). The 2014 assessment report laid the groundwork for that agreement.