CIOs can take control to secure from the data breaches.
Over a decade the cyber security landscape has evolved rapidly and the magnitude of cyber-attacks increased ever before. The future of information security threats will continue to accelerate massively, endangering the integrity and reputation of trusted organisations. This week, the industry experts at Davos WEF 2018 witnessed several cyber security trends and developments including the federal government’s involvement with security, the ease of automotive hacking in modern vehicles, potential threats targeting connected medical devices, and the lack of cyber education among IT professionals
As sophisticated tools and techniques become more widespread, and the distinctions between the threat actors become more blurred, the long-term outlook for cyber threats is concerning the CIOs/CTOs/CFOs. Their strategic plan is to proactively protect the assets with limited resources. The key for an organisation is to understand which threat actors are targeting, what the organisation’s key assets are and how to protect them. Cyber defence needs to be intelligence-led, risk-based and prioritized – it is not a compliance exercise.
Nevertheless the CxOs would agree that the ‘bad guys’ would target either from outside their organization and/or inside the eco-system. According to the World Economic Forum’s 2018 global risk report, cyber-attacks are rated among its top five risks in terms of likelihood and defending your organization against targeted attacks, APTs and advanced malware attacks are at high level of priority and most importance is to comply the industry and regulatory compliance.
Within the financial industry, cyber-attacks have led to millions of customer records falling into the hands of criminals, with JPMorgan Chase & Co. and HSBC Holdings Plc both having their systems breached in 2014. Subhankar Saha, an executive director at the Bangladesh Bank, told Al Jazeera the governor Atiur Rahman resigned because “some sort of mistake was done, and some people had accused the central bank for being responsible. New cyber-attacks are happening, new types of viruses are being created, but what we can say is we have already strengthened our systems and instructed all commercial banks of the country to take measures to make their systems more robust and strong,” Saha said. Organization need to learn lessons from various incidents that could enable them to defend such threats. In the wake of high-profile hacks and increased activity from state actors, companies are increasing their spending on security. MarketsandMarkets expects the global cyber security Market to grow from $106.32 Billion in 2015 to $170.21 Billion by 2020, at a Compound Annual Growth Rate (CAGR) of 9.8%
Compared to traditional IT environment, security deployed at every level in the cloud environment must be different while considering the security needs for each level. The biggest threat to the cloud environment that exists today is of unauthorized access. The users put their confidential data on the cloud hoping that their data will remain safe but due to unauthorized access, the confidentiality of the data is undermined. As a result, users are reluctant to migrate their data to the cloud.
There is a need for the cloud providers to hide some security related information, as they need to keep all the information about the security procedures confidential in order to minimize any security breaches. However, the lack of transparency results in the cloud customers losing trust on the cloud providers. As a result, customers are reluctant to store their valuable data on the cloud, which undermines the potential of cloud computing and its organizations responsibility to control their data in cloud. Cybercrime isn’t limited to one country or even continent. It’s a pervasive problem that impacts businesses around the world. The first step in minimizing risk in the cloud is to identify the Cloud computing top threats – According to Cloud Security Alliance. The growing threat of breaches will create a ‘cyber paradox’, meaning that although business will increasingly take place online, firms will no longer feel confident in the encryption protecting sensitive information when it is transferred. This could lead to companies resorting to old-fashioned methods for sending important data.
The CIO role is growing more critical to the business and more complex to inhabit, as top IT executives simultaneously battle cybersecurity threats, increasing business demands and challenges to their control. Smart CIOs get business executives involved early and establish cyber risk as a key operational risk to the business.
And the time has come now to ‘Transform the Security Operations Center (SOC)’