As more and more businesses across the UK and around the world are hit by data breaches, a rising number of companies are welcoming chief information security officers (CISOs) to the boardroom table. The growing respect for this role is a testament to the elevated status of enterprise information as the new crown jewels.
IBM recently released its third annual Chief Information Security Officer (CISO) study, which underscores the rapid rise of the CISO. 90% of security leaders from the study strongly agree that they have significant influence in their organisation — and more than three quarters (76%) say the last three years have seen a significant increase in their degree of influence.
They’ll need that influence. Keeping information assets safe in today’s threat landscape is no easy task and it certainly can’t be done in isolation. Not surprisingly, a vast majority feel that the challenge posed by external threats has risen in the past three to five years. But what is much more concerning is that 60% appear to be overwhelmed, saying that the sophistication of attackers is outstripping the sophistication of their organisation’s defences.
Safeguarding IT systems and data against attackers who are increasingly sophisticated, well-funded and difficult to detect is a real struggle. Security breaches can take weeks or even months to be discovered, which increases the damage inflicted and the likelihood that valuable data will be stolen and compromised.
Security leaders are also faced with a paradox: the same technology – mobile and cloud – that makes it possible for companies to innovate and employees to collaborate can also create more openings for hackers and cyber-criminals to penetrate a company’s defences. Close to 90% of respondents have adopted cloud or are currently planning cloud initiatives. Yet companies that are adopting cloud for data storage want the same level of security that they have come to expect in data centres and worry that cloud adoption is shattering the enterprise perimeter and creating new areas of vulnerability.
Mobile devices pose a similar dynamic. Half of the world’s population will be using mobile devices to access the internet by 2020, according to the global association for mobile operators, GSMA. These people are also customers and employees, and their sheer number is an issue for organisations who do not yet have mature mobile device management capabilities, like many of the organisations in the study.
On the other hand, business and technology leaders know they cannot simply avoid new technology. What is needed is an approach to security that enables businesses to thrive and innovate instead of trying to restrict and control them.
More and more companies aren’t just brushing up their approach every few years. Many are rebuilding their systems from the ground up to confront the magnitude of today’s cyber threats. The demand for real-time security intelligence, the risk of data leaks, the rise of cloud and mobile and the need to protect the data they convey, and the complex shifts in government regulation – all contribute to the need for business leaders from the board of directors on down to fully support the team in charge of protecting the company’s enterprise data and systems.
Security leaders must do their part, too. There are several steps they should take to fortify their organisations for the future:
* Enhance their education and leadership skills to benefit from their growing business influence and ensure continued support from leaders throughout the company.
* Continue to seek out approaches and technologies that help shore up the organisation’s cloud, mobile and data security.
* Pay close attention to securing interactions with external ecosystems, since the level of risk rises along with the number of interactions and connections with customers, partners, and suppliers.
* Plan for multiple government scenarios, in the face of continued uncertainty about whether security governance will be handled on a national or global level and how transparent governments will be.
Understanding the full extent of the security threat landscape and how to deal with these difficulties has never been more important. For many companies, and every CISO, the challenge is not only to manage the present — it is to fortify defences for an unknown future.