COLLABORATION AND STRATEGIC Thinking Will Be Key to Securing the Future
For many years, cybersecurity has been a growing threat for companies around the world and today awareness of the threat landscape has never been higher. In a recent BT and KPMG survey of 100 IT decision makers at the director and c-suite level, nearly 90 percent expressed concern about an assault by organized cyber-criminal groups, with similar percentages seeing terrorist action and state-sponsored hackers as a real danger.
However, from this same group, only 22 percent said they were fully prepared to combat these breaches.But to know how to defend an organization, it is important to understand where it is vulnerable. A few key areas in particular are making companies more vulnerable to attackers.
Mergers and acquisitions as a whole represent a massive undertaking for any organization, however security is often at the bottom of the checklist when it comes to integrating existing systems. Not only does the process itself open up both companies to an attack, but each company employs a number of cultural differences that can affect everything from the sophistication of technology to employee security trainings.
A major disruptive technology making serious waves in the security space is the Internet of Things. New devices are becoming “smart” each day, and our formerly “dumb” assets have become security risks. Addressing this change will require a shift in the way companies build products. For instance, Tesla vehicles are on the leading edge of security because it was incorporated into designs from the beginning. But this isn’t the case for many car companies that are now having to make costly recalls to address security defects.
And to develop holistic strategies, it is crucial to think like a criminal and have a clear view of your company’s unique offering and identify which areas are most vulnerable
Moving corporate networks from legacy on-premises solutions to the cloud also presents its own challenges. While the cloud is inherently more secure than the current environment, the risks associated with the shift require new thinking because there are more variables to consider. For instance, BYOD now opens up new attack surfaces due to a single device connecting to both public and private clouds. Securing this environment is no longer simply setting up defenses for local data centers, but rather protecting individuals and ensuring they do not become an opening for hackers.
Althoughsome attacks are initiated from within an organization, it’s not always a malicious individual at the source. As the number of passwords and connected devices we use increase, the effort from employees to maintain security standards can be difficult to enforce. This is largely due to a lack of education or awareness. For instance, a survey by Frost & Sullivan found that more than 80 percent of employees are using non-approved SaaS applications in their jobs. Until organizations focus their security efforts on a personal level, it will be difficult to eliminate these threats.
Lastly, another serious vulnerability for large corporations lies with its vendors. Most organizations have a number of partners or vendors that are allowed certain levels of access to internal systems, making their security measures just as critical to being totally secure. Many assume that partners are taking the necessary steps to keep their organization secure, but unless you take the time to review potential risks all other internal security measures could be rendered useless.
As all these concerns have escalated in recent years, security is no longer just an IT problem, it is a boardroom-level issue that has a very real effect on brand-perception, one that is costing millions to recover lost value. But why do so few IT decision makers say they are fully prepared?
Last year, a study from the United States Government Accountability Office found that cyber incidents have increased more than 1,000 percent since 2006. And the reality is that cyber criminals today are highly advanced and constantly evolving. New types of attacks and malware appear each day, forcing businesses to stay on their heels combating unfamiliar tools and strategies – including organized initiatives designed to exploit and blackmail employees or deliberately plant people inside a corporation.
It’s important to keep in mind that no system can be completely secure, making an organization-wide approach to security a necessity. And to develop holistic strategies, it is crucial to think like a criminal and have a clear view of your company’s unique offering and identify which areas are most vulnerable.
Working together and implementing more complete security strategies requires companies to think security first in everything they do. To be truly successful in any industry today, knowing your enemy and taking the offensive will be to keys to a better defense.
To effect change, companies must stop taking a reactive approach to securing their networks and go on the offensive to thwart criminals from penetrating these systems. At the foundational level, integrating additional security technologies, hiring internal professionals and developing policies to help educate employees is an essential first step toward securing the ecosystem.
Ultimately, cross-organization collaboration will be a key to enabling industries to combat these attacks. Companies working in the same sectors hold a common interest in slowing down cyber criminals who target their businesses and by sharing intelligence, they can better equip one another to defend employees and customers.
For additional information on proven approaches to security, please be sure to visit the BT Assure homepage to learn more.