Article by Verizon Enterprise Solutions' managing principal of Investigative Response for APJ, Ashish Thapar.
Over the last few years we have seen a drastic change in how businesses are using technology to achieve their objectives. Workflow digitisation and the transformation of IT systems have placed major demands on IT infrastructure and significantly impacted business models.
The meteoric growth of mobile devices, migration to cloud, emergence of Internet of Things (IoT) and Software Defined Networks (SDN) have created better customer experiences and greater access to information throughout the business ecosystem. This in turn is promising for the Australian economy, with IoT Alliance Australia predicting a $116 billion boost by 2025.
However, this increased access presents more targets for attackers and has created unprecedented security challenges, leaving organisations more vulnerable than ever before. Security concerns now touch every part of a business – including the boardroom – and with Australia’s complex mandatory data breach notification laws coming into effect in February, the growing security pressures of the digital age are evident.
In recent years, large-scale hacks have put cybercrime at the top of the business agenda. From mid-May through July 2017, Equifax was victim to a breach that exposed sensitive personal information of 145.5 million American consumers. A 2014 hack on Sony Pictures was widely reported, as was the recently documented Uber hack.
Organisations have realised that a breach, compromise or attack could have a major impact on business performance, brand perception and ultimately the financial bottom line. Security has become a company-wide issue that needs to be addressed and managing risk has become a business priority.
IT security has evolved dramatically, with three key shifts taking place:
Security’s outreach has increased. No longer just the concern of the IT guys in the back room, security now impacts everyone. It is profoundly linked to all departments and a business’s operations as a whole, holding the power to increase interaction across teams and break down the traditional barriers in which an enterprise often operates. This in turn helps identify assets that need protecting and can reduce the risk of a future attack.
Security’s reach also extends to the edge of a business, where data held in the cloud, on mobile devices and generated by IoT is in transit and potentially a moving cyber target.
More and more businesses are leveraging digital transformation, which in turn impacts how they use security – linking it back to their business objectives; enabling disruptive business models and strengthening their focus on cyber threats.
Security is built into innovation. IT security was once considered a barrier to change that hindered the adoption of new processes and the adoption of innovative technologies. But now, security is front and center in the new digital world.
It is accelerating ‘speed of service’ – embedded in SDN – enabling wider, consistent and secure access to data in the IoT and much more. Security is a now a pre-requisite, being built into new technologies and devices from the get go.
Security has to be responsive, agile, and intelligent. Security needs to be more than just fast and agile. It also needs to act smarter and be more effective, particularly in the face of reduced budgets.
Managing security in the digital world involves the gathering, synthesis and analysis of security data as standard – and is no longer just about the data, but what the data can tell us.
The providers who propel their way to the forefront of the next generation of security services will be those who best leverage insight and intelligence services. This will split the security intelligence provider market into those who just collect data, and those with the proactivity and readiness to deliver intelligent insights.
So, what next?
Innovation and digitisation aren’t going anywhere. They will continue to grow exponentially and remain crucial for business success. In order to stay relevant, businesses must embrace new technologies, define strategies that deliver and exceed customer expectations and take a proactive security approach.
Verizon’s 2017 Data Breach Investigations Report shows that the same old threat tactics are still effective at infiltrating data. This year’s DBIR found that around 1 in 14 users were still falling for phishing, tricked into following a link or opening an attachment — and a quarter of those went on to be duped more than once.
The report also found that 80% of hacking-related breaches leveraged either stolen passwords and/or weak or guessable passwords. Faced with daily cyber security threats, businesses can no longer simply be reactive – there is too much at stake.
Having a security partner that can demonstrate the ability to detect, respond, mitigate and prevent threats is crucial. Attackers are persistent and continuously improve their skills – so security providers must remain on the front foot to identify threats before they come knocking.
It is important to remember that no organisation, no matter its sector or size, is immune to cybercrime.