GISEC Report: The top IT security trends you need to know

One of the downsides of the rapid rise of the information economy is the realisation that modern businesses are facing a wider range of severe IT security threats than ever before, write the organisers of GISEC.

Of course, even in the face of these growing threats, cyber security is not always the key issue for many companies and CEOs that it should be. For them, cyber-attacks were always something which happened to other companies. However, with more companies hitting the headlines for all the wrong reasons having succumbed to the latest high-profile cyber-attack, it is becoming increasingly evident that it can no longer be the sole responsibility of the CIO to be aware of the growing level of cyber threats facing their business.

This is why, ahead of the meeting next year in Dubai of some of the world’s leading IT security experts at the Gulf Information Security Expo & Conference (GISEC), we have decided to put together a report detailing some of the most pressing and urgent security threats your business and industry are facing.

What on earth is BYOx?

If your company is still balancing the pros and cons of embracing a Bring Your Own Device (BYOD) culture, then we’re afraid we have some bad news for you.

It’s already too late.

With the rise of an increasingly tech-savvy millennial workforce, BYOD is already being replaced by BYOx (Bring Your Own Everything).

BYOx is a device management philosophy which tries to account for the multiple device lifestyles your employees almost certainly already employ. Because of this, CIOs no longer have to contend with employees simply bringing their mobile phones to the office, but also their tablets, smart watches, MacBooks and any number of smart wearable devices.

Just some of the risks these devices carry include internal and external threats caused by device mismanagement, outside manipulation by third parties, or simply security vulnerabilities which are built into the software of each device or into poorly tested, unreliable business applications.

Of course all of this means that your company must now decide if the risks of embracing a BYOx work culture outweigh the benefits. Bear in mind that, if poorly implemented, a company’s personal device strategy can potentially do more harm than no strategy at all, as employees begin to abuse any extended access you’ve granted their devices to information that was previously inaccessible.

An erosion of trust

Trust is the secret ingredient for any successful IT security strategy. This applies not only to the trust your customers have in your company, that their personal data will be safe and secure, but also internally, with the sharing of data across departments a key element of a harmonious business strategy.

Unfortunately, in recent years trust inside organisations, both internal and external, has been steadily eroded by a number of factors, including a series of high-profile data breaches at a range of high-profile companies.

Security precautions such as risk management, data governance and compliance are all based on a degree of trust between the IT department and others in the organisation. In this era of eroding trust, IT leaders need to work actively to counteract growing scepticism among corporations and build a renewed trust in the reliability of corporate information and technology.

Finding a balance between security and productivity

The time of the desk-bound, desktop-computer-using office worker has come to an end. As the use of mobile devices and applications within the workplace has risen, so too have the challenges faced by companies trying to ensure these devices are a safe and secure company resource.

Of course, you’re already aware that these mobile devices are giving your employees more opportunity than ever before to maximise their output and work schedules, with employees no longer tied to their desks or aging company machines. In addition, they also now have access to an ever-growing range of business-focused third-party apps which are designed to maximise productivity in the office.

However, the fact remains that the majority of these phones, tablets and smart devices connecting to your office WiFi are not owned by the company. Of course, this has not stopped your employees using them to download and share a whole host of sensitive company information and data including emails, address books and financial reports. Once this information has left the safety of the office network and is out in the wild, your company has lost its ability to control who and what has access to this information.

Building the right action plan

One of the key changes required of the modern CEO is to stop thinking of IT security in terms of what to do if their company faces a breach, and to start thinking in terms of what to do when it faces one. This is why it’s more important than ever for companies to come up with a highly efficient and adaptable action plan.

Just some of the generally agreed steps of a successful action plan include:

  • The ability to thoroughly document the events leading up to and following the discovery of a breach.
  • Building a system of clear and immediate communication across the company, as well as agreeing how everyone should respond to any external inquiries.
  • Briefing teams to be able to immediately notify designated response teams, especially your legal counsel, to determine whether any law enforcement and/or other regulatory agencies need to be informed.

All this means that an IT security breach is no longer only a problem for the IT team, with all employees needing to be able to respond to a breach in a careful and legally compliant way. All of this can be achieved by carefully putting in place the right processes to ensure your teams are responding appropriately and being proactive in warding off potential dangers.

Filling the talent deficit

By now you will have realised that the above trends all point to a series of major changes taking place throughout the IT security industry; and, as with most trends, the resultant change is outpacing the industry’s ability to master the required new operational skills. For example, information security experts who may previously have had to focus on hardware now have to switch gears to focus on business processes and data management.

This new range of information risk management requires not only a new set of skills but a change from command and control thinking to a more strategic and holistic view of managing all the risks associated with information.

All this means that managers and executives responsible for assembling and staffing cyber security teams are seeing a rapid shift in the skills these teams must have to successfully cope with today’s challenges.
