Exploring the impact of cybersecurity on enterprises, service providers, and technology vendors
Headlines with some kind of cybersecurity angle appear almost daily. An insider accesses customer data with the intention to cause distress to an individual. The personal records of a customer loyalty program are breached, resulting in potential fraud affecting millions of customers. Diplomatic communications are intercepted over a period of years.
Quite rightly, organizations are extremely concerned about the potential for cyberattacks. Yet these are not the only problem; not all security incidents and breaches are adversarial and the result of malicious attacks. Many security incidents and breaches happen because processes are broken, technology is outdated, and individuals are untrained.
Organizations pursue digital transformation projects with the objective of improving the services they provide to customers and citizens, yet according to Ovum’s ICT Enterprise Insights2018/19 survey, less than 15% of these organizations have a proactive approach to cybersecurity and digital risk. Enterprises want to strengthen their approach to cybersecurity to make their data and systems as secure as they can be, while still being able to build and grow.
From an enterprise perspective, security is focused on protecting the organization. This includes physical security (e.g. of premises, individuals, and spoken conversations) and digital security. Cybersecurity is the broadly recognized term for digital security – the practice of protecting digital systems, data, and devices from security incidents and breaches.
Cybersecurity is becoming further embedded in the lives of individuals and the fabric of organizations. Today’s enterprises face a broad and evolving cyberthreat landscape. Combined with compliance demands, this makes for an extremely complex cybersecurity picture that organizations struggle to fully address, meaning high-profile security incidents and breaches remain in the headlines.
To maintain a security posture, enterprises deploy security controls in the broad categories of “prevent,” “detect,” and “respond.” People, process, and technology are the focus of these security controls. Organizations will continue to make significant investments in security technology products to achieve this, but in the move toward a more risk-based view of their security posture, they are cutting down on the plethora of point solutions and moving toward a platform approach to integrate the cybersecurity products in operation. Moving away from point solutions demonstrates a clear appreciation that security is about a great deal more than technology.
The increasing recognition of “cybersecurity” as a term has without doubt elevated its importance in the minds of individuals and organizations, but it has not improved resilience against security incidents and breaches. The cyberthreat landscape, compliance expectations, accidental security incidents and breaches, the potential for long-term reputational damage, and the security workforce shortage all combine to create a perfect storm of demand placed on organizations and their cybersecurity resources. There is no desired “end state” for enterprises in their quest to address security challenges, but instead a need to improve their security posture and remain as protected as possible from threats while still doing business.
- Security is about a great deal more than technology.
- The cyberthreat landscape evolves continuously.
- Compliance demands add layers of complexity.
- 100% prevention is impossible.
- Security incidents and breaches are not always malicious.
- There is significant potential for short-, medium-, and long-term damage.
- The shortfall in the supply of security skills and expertise is worsening.
- The move toward risk-driven security is gathering momentum.