The Internet of Things and Big Data are offering companies numerous new opportunities to deliver tailored and enhanced content to their customers, but says SHAILENDRA SINGH, this wealth of new data opens organisations to various cyber threats if they are not protected correctly.
The data explosion is a well-documented phenomenon, and one that offers organisations numerous opportunities to deliver improved, tailored and enhanced experiences to their customers. However, along with the advantages of having access to a wealth of information, this data also opens organisations up to threats if not protected adequately. Cyber crime is a multi-million dollar industry, and the perpetrators of these attacks can cause significant damage and loss, both to organisations and their customers. It is also an industry that is highly sophisticated and thrives on always staying one step ahead of security technology, requiring a constant and consistent effort from organisations to protect their sensitive and valuable information. Cyber security should therefore be a top priority for CIOs, particularly when it comes to preventing attacks and ensuring data security.
The number of high profile data breaches has grown over the past few years, and cyber threats are an increasing concern with regard to securing data. The end goal of these attacks is to compromise personal data for financial gain. However, despite the increase in frequency and the detrimental effect these attacks can have, response to attacks is often inadequate.
This is typically as a result of organisations underestimating risk and failing to invest sufficiently in cyber threat intelligence solutions, particularly with regard to new and emerging technology trends. BYOD and mobility have become key business drivers, and efficient security needs to incorporate these into policies, while balancing the need for data sharing and collaboration with the requirement for data privacy. In addition, cloud-based applications, social platforms and other megatrends must be catered for in an effective security solution.
Cyber security challenges
Instances of cyber breaches are on the increase, and as a result there is a growing focus on security measures. Key to effectively securing an organisation is an understanding not only of the implications of cyber security, but also the drivers for such solutions and the challenges involved. Identifying important information assets and evaluating the consequences of a breach is a critical first step. In addition, it is important for organisations to implement industry best practices in line with their own business processes, continuously monitor the relevance of cyber security approaches and business processes, and ensure compliance with legislation regarding cyber security and data protection.
A proactive approach to security
The typical approach to security uses technology based on past threats and vulnerabilities that have already been identified. However, in a world where cyber threats are increasingly sophisticated and constantly evolving, this is no longer sufficient. Organisations need to adopt a more proactive approach, with a complete view of cyber intelligence that helps to reveal possible vulnerabilities before a breach can occur. In addition, both internal and external sources of malware must be identified and correlated with other threats to predict where vulnerabilities may occur in the future.
Effective cyber security should incorporate smart analytics tools and intelligence to ensure adequate security. Utilising analytics, organisations can identify existing breaches and use this information to build predictive platforms that will help to identify vulnerabilities and build strategies. In addition, these breaches can be prioritised according to their business impact, severity and criticality, so that they can be dealt with effectively. In addition, it is important to establish key performance indicators with regard to cyber security, so that progress in monitoring and control can be tracked and measured. It is also important to implement continuous monitoring to test for vulnerabilities and validate security strategy on an on-going basis, and automate security measures to ensure they are compliant, effective and adhere to cyber security processes and procedures.
Exploiting data to deliver insight
Effectively exploiting the large volumes of available data in most organisations can be used to deliver insight that can assist with the building of threat intelligence solutions, as opposed to reactive security measures. Measuring and monitoring factors such as the frequency of security events, categorising breaches and incidents according to their nature (such as spam, phishing, denial of service, hacking and more), categorising attackers themselves, and establishing the motivation behind attacks, are all essential in improving cyber security efforts. This offers a number of benefits beyond simply preventing unauthorised network, computer and data access. Adequate information security is essential in compliance with legislation as well as in preventing disruptions to business operations and recovering quickly. In addition, stringent security increases stakeholder confidence and enhances the credibility of the organisation.
Cyber security is a business issue, not an IT problem
In order to ensure cyber security strategy is robust and effective, it is essential to obtain business buy-in from top-level executives. Ultimately, cyber security is no longer an IT problem, but a business problem that can negatively impact the entire organisation. As a result, it is essential to begin by identifying business processes or information assets that may be vulnerable to attack, rather than focusing on technological weaknesses. It is also important to conduct a cyber risk profile across the value chain to ensure vulnerabilities and security concerns can be effectively identified in all areas. The focus of cyber security today should be around securing sensitive data, as corporate information can now be accessed in so many ways, on so many different devices. In addition, given the constantly evolving nature of cyber threats, it is of the utmost importance that organisations frequently update their threat strategy and evaluating security measures.
Data is currency in today’s digital world, and as such protecting sensitive and highly valuable corporate information should be a top priority for any business. Ensuring data is protected requires a comprehensive cyber security strategy that focuses on intelligently detecting and predicting vulnerabilities as well as continuous monitoring and updating of strategies and processes. In addition, it requires a shift in mind set to view cyber threats as a business problem and encourage C-level participation. Protecting an organisation’s most important asset is essential to business continuity, and this cyber security should be a top priority for CIOs and for business as a whole.
* Shailendra Singh, Business Director, Africa, Wipro
* Follow Gadget on Twitter on @GadgetZA