The Digital Age Requires a Smart, Integrated Approach to Security
With the massive adoption of digital transformation and digital technologies, the focus on cyber security has grown considerably. There is a heightened perception of threat in the minds of enterprises and boards of companies, as cyberattacks have become much more focused and advanced. Vulnerabilities could originate from several sources including unauthorized access, malware, legacy applications, poor governance or even natural disasters. The growing popularity of IoT and automation, as well as the cloud-first paradigm and the deluge of smart phones, have forced organizations to re-assess their cyber security strategies.
Given the precedent of high-profile data breaches and growing dependence on IT, most companies are making cyber security a priority today. As per an industrial manufacturing survey that Infosys conducted, 68 percent of the companies surveyed picked ‘better cyber security’ as the trend that will make the most positive impact on their organization in the near future. Cyber security also came out on top in terms of the digital technology being utilized most by manufacturing companies. It was ahead of big data analytics, enterprise cloud and AI.
The traditional approach to cyber security consisted largely of installing a network perimeter firewall and using patches to fix vulnerabilities as soon as they were discovered. Companies also typically invested in signature-based technologies and a multitude of software tools and point solutions, and in different experts who could work on these tools. Unfortunately, these are not adequate in today’s technology landscape, and this has been known to most enterprises for the last 2-3 years.
The greater emphasis on security has not easily translated into bigger security budgets. Chief Information Security Officers (CISOs) and heads of security in organizations are expected to manage security operations and existing threats, and, at the same time, invest in futuristic technologies and transform the cyber landscape. Therefore, CISOs are often in the unenviable position of protecting and defending the organization’s IT infrastructure without access to higher budgets.
Today, the top concerns for a CISO as per an article on CSO Online are:
- Global compliance and regulations including GDPR
- Using AI and ML to analyze security events
- Mitigation of advanced threats including zero day exploits and ransomware
- Managing risks of new technologies like IoT
- Outsourcing for managed security and planning for security skills upgrade
A Look at Cyber Security Spend and Strategy
Let us now examine the question of how CISOs, CIOs and Boards of companies should look at Cyber Security spend and strategy – a few pointers below:
CISOs need to walk the tightrope between managing budgets while investing more to thwart attacks. They need to proactively manage digital data across the service chain of people, systems, and processes, to ensure security initiatives don’t remain locked in ineffective silos. AI and predictive security can play a role in automating routine tasks. In turn, this can boost people productivity and create bandwidth for problem-finding and innovation.
There are many claims from different software vendors and System Integrators (SI) about smart tools, with a lot of acronyms and terms like AI, ML and cognitive thrown around in abundance. CISOs need to sift through the tools and solutions carefully and invest where it makes business sense. The tools need to look at different system alerts intelligently. Fine tuning the methodologies for detecting errors or suspicious trends can help bring down the volume of alerts/issues. This can ensure that there are fewer ‘false positives.’ As a result, the surveillance net needs to be cast wider to look for issues that may be below the radar. Event correlation, analytical use cases and smart configuration are important considerations. From a spend and budgeting standpoint, partnering with integrators who can bring solutions together in a ‘variable spend model’ or ‘opex model’ is an important option they need to evaluate.
In the age of cloud, core infrastructure does not necessarily imply that it is physically present on premise. A portion of the infrastructure may be on the cloud. While it may intuitively seem like on-premise infrastructure is safer than the cloud, in practice, physical proximity does not imply better security. In fact, cloud-based infrastructure may often be safer than on-premise infrastructure because it is managed centrally, governed tightly, and, in addition, enterprises exercise greater care and governance over their cloud assets. Factors such as means of access, procedural rigor, and quality of governance influence security more than just the physical location.
Therefore, any robust security system needs a thorough knowledge of the core, along with a proactive strategy to secure extended enterprise/partners since connectivity and data traffic are typically high in the digital era. Partners who understand enterprise core systems and infrastructure are valuable for enterprises and CISOs to trust and seek advice from. This is especially true as the core interacts regularly with a plethora of external systems that are part of the ecosystem – partners, customers, suppliers etc.
A robust and comprehensive security infrastructure requires a strategic view, strong execution capability and technical/skill investments. It requires functional experts with disparate skills - incident managers, forensics experts, operations specialists etc. In such a scenario, it often makes sense for the CISO to find the right partners who possess these skill sets, rather than going through long cycles of investment into each of these. Sourcing expertise from all available sources, both internally and externally, to address capability gaps is a good approach.
Given the vast threat landscape, existing security controls are inadequate to protect against new and emerging threat vectors. What’s worse is that the lack of real situational awareness can create a false sense of security that can potentially cause great harm to the business. A smarter, integrated security infrastructure and a smarter team are needed to effectively safeguard your organization against cyber-attacks and mitigate organizational risks.