Cyber Security: New Threats, a New Approach

of Things” devices. Emerging technologies like wearables create new risks: employees may come to work wearing a compromised smart watch. They may pull their hacked connected vehicle into the company parking garage.

 

 

Something as far removed from the cor­porate IT ecosystem as a chip-embedded laundry detergent container, sitting in an employee’s laundry room, is a vulnerability waiting to be exploited.

 

This scenario adds a third di­mension to the traditional inside or outside the firewall environ­ments–a risk that floats between the two. And it requires another layer of preparedness. Now, an employee’s personal posses­sions–not just their company pro­vided laptop or even their BYOD smartphone–create risk.

 

To prepare for what lies ahead, senior technology leaders must elevate their organization’s approach in five areas:

 

Defense: get active – It is an emerg­ing trend that any technology executive must follow: the adoption of a more dynamic, proactive approach to cyber security. “Active defense” measures employing an intel-to-operations model are now a requirement, not an experi­ment. Cyber strategies now use real-time intelligence and assessment data to shape decision making, fine-tune defenses and preempt threats.

 

Leadership: syndicate the risk – Too often, the cyber threat is treated as an IT problem requiring an IT solution. Yet as the stakes grow higher, cyber attacks now touch every part of the or­ganization. Product development, or­ganizational strategy, HR, legal, marketing: they all play a role in preparedness, defense and response. It is critical that risk and responsibility be spread out across the organiza­tion. Anything less will result in a flawed approach–and a po­tentially shortened tenure for the senior technology executive.

 

Systems, product development: think cyber – Historically, speed-to-market has been the number one imper­ative driving everything from product design to systems implementation. Cy­ber security considerations were once an afterthought: now, they are becom­ing a consideration, albeit one that is largely retroactive. IT leadership must lead a fundamental shift to “embedded security,” with cyber defense a driver of product and systems development, rath­er than a bolt-on. This shift is particu­larly important as the Internet of Things expands the attack surface.

 

Incident

 

response:cut through the hype – With cyber a mainstream and Board-level issue, the market is crowded with compa­nies pitching “incident response” capabilities. For the corporate buyer, it is a hype-fueled, “buyer beware” envi­ronment. Does the incident response of­fer include the right balance of multidis­ciplinary expertise needed–like crisis communications, legal, policy, business and technical? What about the people behind it and the proposed step-by-step methodology? With the stakes growing higher, leaders must take a discerning look at incident response solutions.

 

Preparation: practice or perish – An effective cyber response requires two behaviors that do not come natural­ly to large organizations. First, differ­ent areas like individual business units, legal, HR and marketing must work to­gether around an issue where there has been little collaboration. Second, they must do so quickly, with an operational velocity that is often lacking in the day-to-day business. Practice–through col­laborative planning and real-time simu­lation drills–is the only way to achieve the required level of readiness. Without practice, you will fail.

 

There is little doubt: we are enter­ing an entirely new phase in the fight against cyber a attacks . Heightened ac­tivity, public concern and Board-level scrutiny have made cyber security a top priority, while driving advancements in preparedness, defense, detection and response. But with new, “personal” cy­ber threats looming, now is the time for the c-suite to rethink its approach. By doing so, they can avoid learning the hard way.

Check this out: Top Managed Security Service Companies in APAC