James Hennah, Director, Security, Asia, Middle East and Africa, for BT, shares insights about balancing security demands with the requirements of Digital Transformation. He talks us through three domains – cloud, compliance and cyberthreats – and provides recommendations that can help CIOs and CISOs make security integral to their organisations.
Keeping the cloud secure
According to GHB Insights, around 35% of enterprise application workloads will migrate to the public and hybrid cloud by 2022. While this poses distinct challenges for global organisations, they can no longer afford to wait.
Shying away from the cloud as a means of avoiding risk is perilous, as organisations would be ceding the advantage to competitors. Those that do fall behind their rivals in the race to the cloud may find themselves struggling with agility, operational efficiency and productivity – all critical business concerns that benefit from a successful move to the cloud.
To reap the substantial rewards of cloud computing, CISOs should focus on a way to simplify their approach, using a coherent set of services for network and security activities on a global basis.
Coming to terms with a new era of compliance
Research from Bitdefender found that 57% of organisations have experienced a data breach during the last few years, and 36% of infosec professionals stated that their organisations could likely be facing a breach now without knowing about it.
Security leaders are now required to do more against a backdrop of geopolitical uncertainty, data divides between countries, and a growing number of attacks.
But there’s also a new dimension of difficulty, as organisations must consider a growing list of compliance requirements, such as those stipulated in the cyber and data protection regulations that apply by region, which carry costly penalties.
It’s essential that organisations know what to protect and where to bolster their defences – which is not an easy task in the era of shadow IT. One recent study found that 78% of business decision makers admit that employees are using cloud services without the knowledge of IT.
The proliferation of shadow IT makes it impossible for organisations to understand what to protect – and the results can range from an increase in regulatory penalties to wasted resources and significant downtime.
Therefore, to meet the challenges, organisations must find a way to objectively assess strengths and vulnerabilities. Then, they can build a baseline to compare their security posture against similar organisations.
Battling a new black market
The number of cyberattacks grows significantly each year and the speed of attacks continues to increase exponentially. As a result, organisations are locked in an arms race with cybercriminals, who are increasingly sophisticated and operate in a global marketplace, trading stolen passwords and malware as new commodities.
Whether hackers operate independently or as part of a state-sponsored collective, they now operate more like legitimate businesses, developing and releasing a wide inventory of black-market tools that make it easier to launch attacks, even if the hacker has little technical expertise. And it’s not enough for organisations to simply react to these highly motivated cybercriminals.
Without investing the time and resources to stay ahead of their sophisticated techniques, organisations leave themselves open to a variety of risks, including brand damage, loss of revenue and a decline in operational efficiency. To keep pace with cybercriminals, organisations need to rely on dynamic systems that deliver early warnings about new threats, and to field their own teams of security experts.
There is no escaping that cybercrime is big business, and it continues to grow as an everyday threat as more and more people and devices connect to the Internet. The chances of an organisation becoming a victim of an attack have never been greater. And in this era of fast-paced digital adoption and transformation, the organisation’s leadership, driven by the CISO, must treat cybersecurity as part of the overall business strategy, and one that must continuously evolve and be enhanced as the organisation’s needs change and threats in the market shift.