Story image

How digitisation is changing the security landscape

16 Jan 2018

Article by Verizon Enterprise Solutions' managing principal of Investigative Response for APJ, Ashish Thapar.

Over the last few years we have seen a drastic change in how businesses are using technology to achieve their objectives. Workflow digitisation and the transformation of IT systems have placed major demands on IT infrastructure and significantly impacted business models.

The meteoric growth of mobile devices, migration to cloud, emergence of Internet of Things (IoT) and Software Defined Networks (SDN) have created better customer experiences and greater access to information throughout the business ecosystem. This in turn is promising for the Australian economy, with IoT Alliance Australia predicting a $116 billion boost by 2025.  

However, this increased access presents more targets for attackers and has created unprecedented security challenges, leaving organisations more vulnerable than ever before. Security concerns now touch every part of a business – including the boardroom – and with Australia’s complex mandatory data breach notification laws coming into effect in February, the growing security pressures of the digital age are evident.

In recent years, large-scale hacks have put cybercrime at the top of the business agenda. From mid-May through July 2017, Equifax was victim to a breach that exposed sensitive personal information of 145.5 million American consumers. A 2014 hack on Sony Pictures was widely reported, as was the recently documented Uber hack.

Organisations have realised that a breach, compromise or attack could have a major impact on business performance, brand perception and ultimately the financial bottom line. Security has become a company-wide issue that needs to be addressed and managing risk has become a business priority.

IT security has evolved dramatically, with three key shifts taking place:

Security’s outreach has increased.  No longer just the concern of the IT guys in the back room, security now impacts everyone. It is profoundly linked to all departments and a business’s operations as a whole, holding the power to increase interaction across teams and break down the traditional barriers in which an enterprise often operates. This in turn helps identify assets that need protecting and can reduce the risk of a future attack.

Security’s reach also extends to the edge of a business, where data held in the cloud, on mobile devices and generated by IoT is in transit and potentially a moving cyber target.

More and more businesses are leveraging digital transformation, which in turn impacts how they use security – linking it back to their business objectives; enabling disruptive business models and strengthening their focus on cyber threats.

Security is built into innovation. IT security was once considered a barrier to change that hindered the adoption of new processes and the adoption of innovative technologies. But now, security is front and center in the new digital world.

It is accelerating ‘speed of service’ – embedded in SDN – enabling wider, consistent and secure access to data in the IoT and much more. Security is a now a pre-requisite, being built into new technologies and devices from the get go.

Security has to be responsive, agile, and intelligent.  Security needs to be more than just fast and agile. It also needs to act smarter and be more effective, particularly in the face of reduced budgets.

Managing security in the digital world involves the gathering, synthesis and analysis of security data as standard – and is no longer just about the data, but what the data can tell us.

The providers who propel their way to the forefront of the next generation of security services will be those who best leverage insight and intelligence services. This will split the security intelligence provider market into those who just collect data, and those with the proactivity and readiness to deliver intelligent insights.

So, what next?

Innovation and digitisation aren’t going anywhere. They will continue to grow exponentially and remain crucial for business success. In order to stay relevant, businesses must embrace new technologies, define strategies that deliver and exceed customer expectations and take a proactive security approach.

Verizon’s 2017 Data Breach Investigations Report shows that the same old threat tactics are still effective at infiltrating data. This year’s DBIR found that around 1 in 14 users were still falling for phishing, tricked into following a link or opening an attachment — and a quarter of those went on to be duped more than once.

The report also found that 80% of hacking-related breaches leveraged either stolen passwords and/or weak or guessable passwords. Faced with daily cyber security threats, businesses can no longer simply be reactive – there is too much at stake.

Having a security partner that can demonstrate the ability to detect, respond, mitigate and prevent threats is crucial. Attackers are persistent and continuously improve their skills – so security providers must remain on the front foot to identify threats before they come knocking.

It is important to remember that no organisation, no matter its sector or size, is immune to cybercrime.

ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
Infoblox appoints channels head for A/NZ
Kenneth Cartwright’s appointment extends Infoblox’s position in secure cloud-managed network services throughout the region.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.
Hackers increasingly ‘island hopping’ – so what does it mean?
Carbon Black's Rick McElroy discusses this new trend and what it means for the new age of cybercrime.
Trust without visibility is blind – Avi Networks
Enterprises are wanting to gain the trust of their customers, but are often found blindly defending themselves.