IBM – CMR Security Vision Tour 2012

Changed threat perceptions for the ‘borderless’ enterprise

The modern business enterprise runs advanced IT infrastructure and applications to connect employees, business partners and customers, very often in real time. This enables stakeholders to connect seamlessly and collaborate on a range of processes from product design and engineering, marketing and distribution to order processing, delivery, installation, user training, etc.

However, with this new ‘connectedness’ comes the challenge of increased security threats from cyber attacks in the shape of:

    • Identity theft, fraud, extortion
    • Malware, pharming, whaling, phishing, spamming, spoofing, spyware, Trojans and viruses
    • Stolen hardware, such as laptops or mobile devices
    • Denial-of-service and distributed denial-of-service attacks
    • Breach of access
    • Password sniffing
    • System infiltration
    • Website defacement
    • Private and public Web browser exploits
    • Instant messaging abuse
    • Intellectual property (IP) theft or unauthorized access
    • Targeted Advanced Persistent Threats (APT)

and many more…

CIOs, along with security and compliance teams, are often responsible for managing risk across the enterprise IT environment while taking steps to be sure that the business is being served appropriately. The disruptive forces of cloud computing, social media, and mobility are all hitting CIOs at the same time, introducing a broad, new set of risks and security challenges.

This rapidly evolving enterprise technology environment makes it more important than ever for CIOs to get a handle on what the real risks are within one’s IT ecosystem. The problem is made more complex by the sheer volume — and value — of data, both structured and unstructured, that is produced by an organization’s business processes and relied upon for much of the company’s decision-making.

Malware and hacking attacks that steal e-mail contacts, passwords and other personal information are passé. A new, more insidious type of attack is becoming widely prevalent: one that preys on the entire corporate network, either to bring it down completely or to work slowly to pilfer valuable business data, contacts or customer information.

So the challenge for many organizations remains one of dispelling the idea that IT security is just another technology support function, and establishing that it is something that has to be designed to protect the whole enterprise. This involves being able to communicate to the business that the cyber-threat is a real and present danger to the organization. It is also important because many organizations are moving to outsourced IT or the Cloud, and this brings additional IT security challenges.

The increasing trend towards BYOD and the proliferation of tablets and other end user devices that can be connected to the corporate network has increased the risks of data loss.

Traditionally within information security, internal threats have always been touted as the greatest threat an organization should focus on. However, increased attention around external threats and high-profile breaches, combined with the increased expectations of both customers and business units around information protection, has shifted the focus towards the external threat.

With this increased focus around the external threat, it has been observed that focus is shifting towards risk management. Moving forward, organizations are expected to spend more on reduction of potential future risk, and less on mitigation of current threats. Given the dynamic nature of the challenge, measuring the state of security within an organization and knowing where one is, is increasingly important.

In such a scenario, how should a CIO / CISO plan out his / her security strategy? For starters, he / she would be well advised to have a holistic, enterprise-wide view of IT security management rather than low-level, end-point threat protection alone. The rationale behind this approach is that threats to organizations are both targeted and persistent. If the threat is blocked in one way, the attacker will continue to look for other approaches that bypass the block. Therefore, a behavioural analysis of events to glean what is happening around and inside the organization’s network and systems is a better indicator of an imminent attack than monitoring an attack in progress. The former, proactive approach often provides the much-needed security intelligence to counter threats and minimize risk over a sustained time horizon.

In summary, the risk of cyber-threats to enterprises is on the rise, and it is clear that IT security professionals need to do a better job of explaining these risks in clear business terms.

Four Key Questions for the Enterprise CIO / CISO

According to CMR, in this scenario, a few key questions that every CIO (Chief Information Officer) / CISO (Chief Information Security Officer) needs to continuously evaluate and answer are:

  • How can CIOs raise the priority of information security in management’s eyes?
  • Is your CEO / executive board aware of the potential damage to reputation and loss of business that can result were your entire network or corporate website to go down for 24 hours?
  • Is your IT infrastructure adequately protected against the increasing frequency, number and complexity of cyber attacks?
  • How can one improve the deployment of IT risk-management resources and develop proactive, cost-effective solutions to identify and manage the real risks without impacting the business?

Need of the Hour! Solutions to combat current security threats, anticipate and mitigate overall enterprise risk

While we all know the benefits of cloud, virtualization and mobility for governments and business enterprises, legacy and static defences are inadequate in today’s complex and fast-paced world.

According to CMR (CyberMedia Research), organizations need to implement solutions, processes and risk management techniques that are environment-aware, require less human intervention and are able to anticipate potential threats likely to emerge in future. IT and business leaders of progressive organizations recognize that the right mix of policies, processes, people and technology together plays a vital role in proactively protecting information infrastructure, sensitive assets and data, which is the lifeline of any business today.

IRM, SIEM, anti-phishing and anti-malware as a service, cyber intelligence, host-based, network and cloud security, forensics, etc. are new ways to mitigate and deal with cyber attacks and threats.

Therefore, it is clear that enterprises need to build a security architecture that can respond to today’s as well as envisaged future threats specific to their organization and business domain.