Balancing security and digital transformation
With the annual worldwide cost of cybercrime set to double from $3tn in 2015 to $6tn by 2021, BT offers advice on how chief information security officers can better protect their organisations
Mark Zuckerberg Credit: PA
In a post earlier this year, Facebook CEO Mark Zuckerberg said that “security isn’t a problem you ever fully solve.”
It’s a sobering perspective. Security breaches aren’t a matter of “if,” they’re a matter of “when,” and companies who lack the agility to quickly contain problems and repair damage will suffer.
For today’s CISOs, a rapid response to security threats is essential. However, many executives have adopted approaches that are well meaning but too slow and reflect a piecemeal perspective on security. This lack of urgency could have catastrophic consequences.
Counting the costs
Cybercrime damages will cost the world $6 trillion annually by 2021 – up from $3 trillion in 2015, according to Cybersecurity Ventures.
And behind the eye-catching figures are the people affected: McAfee estimate that two-thirds of the people online – more than two billion individuals – have had their personal information stolen or compromised.
It’s clear that companies can’t afford to wait quarter after quarter before addressing key security concerns – brand damage, the loss of IP, and other consequences are right around the corner. But the risk is real for CISOs as well. If they can’t provide the right guidance, they’ll bear the responsibility, which can lead to reduced credibility in the organisation.
This brief examines security across three domains – cloud, compliance, and cyber threats – and makes recommendations that can help CISOs and their companies make security integral to the business.
Keeping the cloud secure
According to GHB Insights, around 35 per cent of enterprise application workloads will migrate to the public and hybrid cloud by the end of the year, and 55 per cent by 2022.
While this poses distinct challenges for global organisations, companies can no longer afford to wait. Shying away from the cloud as a means of avoiding risk is perilous, as organisations would be ceding the advantage to competitors. Those that do fall behind their rivals in the race to the cloud may find themselves struggling with agility, operational efficiency, and productivity – all critical business concerns that benefit from a successful move to the cloud.
To reap the substantial rewards of cloud computing, CISOs should focus on a way to simplify their approach, using a coherent set of services for network and security activities on a global basis.
Working with BT, companies can apply consistent monitoring and policy enforcement, regardless of where applications and data reside. Organisations can choose their desired cloud provider. And as new security capabilities are added, they can be confident that the solution meets business outcomes and has been tested in one of the most demanding environments there is – BT’s own global network.
Coming to terms with a new era of compliance
Ninety-seven per cent of organisations have experienced a breach, but only 20-22 per cent believe they are equipped to deal with these intrusions effectively.
Security leaders are now required to do more against a backdrop of geopolitical uncertainty, data divides between countries, and a growing number of attacks. But there’s also a new dimension of difficulty as companies must consider a growing list of compliance requirements, such as GDPR, which carry costly penalties.
It’s essential that organisations know what to protect and where to bolster their defences – not easy tasks in the era of shadow IT. One recent study found that 78 per cent of business decision makers admit that employees are using cloud services without the knowledge of IT.
The proliferation of shadow IT makes it impossible for companies to understand what to protect – and the results can range from an increase in regulatory penalties, wasted resources, and significant downtime.
In the European Union, 83 per cent believed that shadow IT will increase over the coming years. In one case, the 2017 Wannacry ransomware attack forced one manufacturing firm to require all employee laptops and desktops to be submitted for verification, effectively shutting down operations for multiple days.
To meet the challenges, companies must find a way to objectively assess strengths and vulnerabilities. Then, they can build a baseline to compare their security posture against similar organisations.
When companies partner with BT, they gain full access to an extensive customer base and can leverage this intelligence to build the necessary policies and controls to heighten security and protect what is most important to the organisation.
Shadow IT becomes less of a burden, and CISOs will also have the data and reporting capabilities to demonstrate the efficacy of security efforts to regulators and to the rest of the business.
Battling a new black market
Cyberattacks were up 24 per cent globally during Q2 2017, and the speed of attacks continues to increase exponentially.
Organisations are locked in an arms race with cyber criminals, who are increasingly sophisticated and operate in a global marketplace, trading stolen passwords and malware as new commodities.
Whether hackers operate independently or as part of a state-sponsored collective, they now operate more like legitimate businesses, developing and releasing a wide inventory of black market tools that make it easier to launch attacks, even if the hacker has little technical expertise.
It’s not enough for organisations to simply react to these highly motivated cyber criminals. Without investing the time and resources to stay ahead of their sophisticated techniques, companies leave themselves open to a variety of risks, including brand damage, loss of revenue, and a decline in operational efficiency.
To keep pace with cyber criminals, organisations need to rely on dynamic systems that deliver early warnings about new threats and field their own teams of security experts.
With BT, companies can access datasets and global intelligence feeds from Interpol, the NCSC, and other agencies to make real-time improvements to their cyber defences, as well as our 2500 security experts who understand how to prioritise and validate the threats that really matter.
Organisations can also contain and remediate the intrusion in the most effective manner possible, leveraging a cyber security solution and techniques proven to work for BT’s network as well as its thousands of customers worldwide – all of this can be accomplished more quickly than assembling point-products.
You must treat security as a part of your strategy that’s always evolving and work to improve it as threats shift and your needs change. Security cannot be viewed as a static issue solved by technology. Instead, it must be approached as a business endeavour you evolve and improve as the threat environment and your organisational needs change.
With BT as a partner, you’ll be able to make security central to your business by understanding your current security strengths and how they measure up against the likely threats you’ll encounter.
Discover how to better protect your business.
The Financial Conduct Authority is to launch a four-year framework for technology and services to support a move to cloud computing
Chris Farthing of Advice Cloud digs beneath the headline numbers to find both good news and cause for concern for government’s SME suppliers
The UK will be shut out of many European networks and databases over the next few years – and will have to pay the EU for access in the meantime, under terms of Brexit deal
Law enforcement earlier this year bought 41 of the devices for use across the country
BT knows that digital security isn't just about technology. It's about the partnerships, intelligence and expertise you need to stay one step ahead in the security race.
Keiron Salt, CIO Health at BT, makes the case for a more rapid digital transformation of the NHS
How can you ensure you get the best from your workplace transformation? Bear in mind these two key drivers, and you'll see the benefits of new technologies
The policies may be in place, but is it happening in practice? BT's Bas de Graaf looks at the reality of GDPR today