After more than a year of posturing over whether it was safe to integrate Huawei's equipment into the UK’s telecom network, . Last January, Boris Johnson decided to allow not only Huawei but also other companies deemed “high-risk” limited access to Britain's 5G networks. the Prime Minister finally made a decision Across the pond, and with good reason. The recent revelation that the at the credit-reporting agency Equifax in 2017 confirms our fears. this decision infuriated President Trump Chinese military was behind a major data breach Protecting critical IT infrastructures from both hackers and government-sponsored threat actors has reached a critical stage, but to achieve it, we have to carefully navigate through networks of increasing complexity and volatility. The concerns surrounding is directly attributed to its Chinese origin. As most successful Chinese companies have close ties to the ruling Communist Party, there’s always fear that they would be forced to install backdoors that allow intelligence agencies (and competitors) access to traffic passing through the network. Huawei Although there’s hardly any evidence of wrongdoing, concerns persist as Huawei's founder and president, , who joined the Communist Party in 1978, was also an engineer in China's army. Ren Zhengfei As a result, core parts of the UK's Critical National Infrastructure, communication networks, and sensitive nuclear and military sites will remain off-limits. Furthermore, the government has also restricted how much of the network the company can own to 35%. This story begs the question, is transparency critical to cybersecurity? , CEO and Co-Founder of put it best when he said “by the very nature of the industry, transparency is difficult at every level.” Paul Hague BlackDice According to , Director at , “transparency with cybersecurity is vital. Businesses rely on a piece of software to protect their hardware and data, but it’s difficult to say how they are being protected. Many cybersecurity companies don’t detail how they’re actually protecting your data, which is a huge concern. This concern is even greater when you consider that businesses such as Avast actually sell customer data to advertisers. That’s why transparency is of utmost importance—you need to know how your data is actually being protected.” Michael Fontana Optionbox (You can read about Avast’s response ). HERE The video conferencing app . Soon after, they were found to be using their own definition of the term and not actually implementing end-to-end encryption claimed on their website, marketing materials, and in their . Zoom recently made the headlines because of privacy concerns security whitepaper Then the company got caught along with the encryption keys used to secure those calls. This puts all these Zoom conversations at risk as they’re obligated to share the encryption keys with Chinese authorities upon request. routing calls made in North America through data centers in China Such incidents make it critical for companies to be thorough with their vetting process. “I’m sure that in any other walk of life, you would want to know. With the social media record on data and security, would you trust them with a smart lock? Probably not; so organizations and consumers must research where the ultimate buck stops and make an informed decision, with all the information, about whether it is appropriate or not,” Hague added. In-Depth Research Helps Build a Secure Future As cybersecurity is critical to maintaining compliance and business continuity, it's essential to check out the background of each third-party partner. Even if their role on your enterprise network is small, it's vital to do a background check. , Founder and CEO of , “thorough research at all levels definitely helps ensure security. That’s why we are transparent about all the hardware and software we use and even encourage our clients to visit our data centers in Switzerland.” Mateo Meier Artmotion While this might sound like common sense, it’s still far from the norm. “Do you research who owns a cybersecurity company before purchasing their security tools? Most businesses don’t, which can be damning. Who owns the VPN provider that’s meant to be protecting you? Who created the security software that you rely on to keep your hardware and data safe? If you don’t know the answers to these questions, it’s possible that there are malicious practices going on in the background that you’re unaware of. It is crucial that you know who owns the cybersecurity company you’re working with or who created the security software you rely on,” Fontana added. Cybersecurity is an ongoing commitment, and transparency certainly helps make it a little easier. If you’re not getting answers to your questions, then it’s best to move on to another, more responsive software or hardware provider. Cyber Resilience Depends on Regular Comprehensive Reviews After you have partnered with “safe” and reliable companies that support your technology infrastructure, your job is not finished. You have to continue to monitor every hardware and software that you have added to your network. Even when working with reputable businesses, you have to be alert to mistakes and vulnerabilities that need to be patched immediately. “In a rapidly changing threat landscape, cybersecurity is everyone’s responsibility. We have to use available tools, technologies, knowledge, and experience to stay a step ahead of threat actors. We have to have programs in place to monitor the environment, patch known vulnerabilities, engage in penetration testing, and evolve with the threat. Part of this process is to keep track of ownership. If another business bought the company you're working with, you have to take the time to find out what they are all about," Meier added. As the world gets more connected, smart cities will need cybersecurity protocols deployed at the micro and macro level. Our collective effort will go a long way to help secure the national infrastructure from the potential threat of hackers and rogue governments that seek to destabilize society. “Any product or solution is as secure as its weakest link. Knowing how a product is built, both its software and hardware, is critical. We always say that most of this is hiding in plain sight, so do your homework and ask the questions,” Hague advised. It’s an endless game of cat and mouse. Taking a security-first approach that demands transparency will help avert regulatory fines while making life (hopefully) more difficult for threat actors.

Huawei

Follow Me on Twitter!

Read My Stories

Too Long; Didn't Read

Questions about cloud security? Get answers here.

Why Is Transparency Critical to Cybersecurity?

Too Long; Didn't Read

Company Mentioned

Andrew Zola

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

Why Is Transparency Critical to Cybersecurity?

Too Long; Didn't Read

Company Mentioned

Andrew Zola

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES