Business Can Minimise Cybersecurity Risks And Drive Profit

Uploaded on 2017-02-06 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

An astonishing 70 percent of the companies on the Fortune 500 a decade ago are no longer listed. The reason is simple: digital disruption.

There's not a CIO on the planet today that isn't expected to deliver on the promise of digital technologies to transform customer-facing services and internal processes. This means supporting new cloud and mobile-led ways of working while controlling risk in a digital world full of menacing new threats.

To make this a reality, IT and security must come together to harmonise the twin aims of profit and risk management. Their secret weapon is none other than that frontline IT stalwart the service desk, supported by automation and endpoint management.

Adapt or Die

The cautionary tales of Blockbuster, Kodak and BHS on the one hand, and the success stories of Airbnb and Uber on the other, are perfect examples of the power of digital transformation.

It's true that the US and Europe have approached this from opposite sides: the former focused on profit and the latter on protecting consumer privacy and improving security. The post-Brexit UK sits somewhere awkwardly in the middle, depending on whether or not it harmonises its laws with Europe after the split.

Whatever the nuances, enabling new digital ways of working has undeniably led to an explosion in the number of endpoints organisations need to manage – especially mobile devices.

And this is leading to an increased risk of data loss and/or theft. The Ponemon Institute recently polled over 18,000 US IT professionals and 69 percent claimed BYOD had significantly increased endpoint risk.

Whether we're talking about enterprise mobility or other parts of the organisation, new digital ways of working introduce new risks, both from external malfeasance and insider negligence. Some 18 million new malware samples across the board were recorded in Q3 2016 alone.

Financially motivated cyber-criminals, sophisticated state-backed cyber spies and publicity seeking hacktivists all represent a major threat today.

Unpatched vulnerabilities remain a bountiful attack vector for them, and the impact of resulting breaches or service outages can be massive. TalkTalk was breached last year via a simple SQL injection bug which should have been patched. The firm has admitted that the total cost after remediation, along with the impact on trading and customer retention, could be as high as £80 million.

The insider risk can be malicious, but most often it's accidental. Something as simple as clicking on a malicious ransomware link in an email, losing a BYOD device in a bar, or downloading an unapproved app could expose the organisation to unnecessary risk. A FoI request revealed 62 percent of data breach incidents reported to the ICO in the first few months of 2016 came as a result of human error.

Arming the Service Desk

A median post-breach dwell time of 146 days in 2015 tells us that security and IT teams still don't talk to each other enough. CIOs and CISOs will have to collaborate far more closely if they're going to support digital transformation strategies effectively.

The answer is to tool up the service desk with unified endpoint management covering multiple layers of protection, to deal with the varied threats facing organisations.

This approach should include: automated patch and configuration management to enhance stability and close down attacks exploiting known bugs; app whitelisting to mitigate the risk of zero day threats; encryption to protect data if it gets into the wrong hands; tools to automatically apply security policies to removable media and all corporate and staff-owned devices; and AV to deal with ‘background noise' malware.

Automation is key here, enabling the IT team to extend security right out to all endpoints and free up individuals to focus on more critical tasks. And it's the perfect role for a service desk which has unrivalled visibility into ‘incidents', which means it's often the first to acknowledge events which may herald a serious breach/attack. It's in the right place to escalate to security teams, but on the other side, security needs close communication lines into the service desk.

The service desk is also in a great position to monitor and report on ongoing efforts, supporting compliance and even fostering a security-first culture among staff.

In the end, effective digital transformation needs to balance agility and speed on the one hand with security and compliance on the other. This won't just require automated endpoint management led by the service desk.

It will require a cultural change, an IT team willing to listen to staff and ensure any changes don't block productivity. Fail on this front, and the creeping hand of shadow IT will undo all its hard work to support the business.

SC Magazine:                    CIOs Are Neglecting Process & Most Efficient Options:

Company Boards Need To Get A Grip:

 

« Spanish Police Arrest Banking Malware Suspect
Stuxnet, Secrecy & The New Era of Cyber War »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NATO Cooperative Cyber Defence Centre (CCDCOE)

NATO Cooperative Cyber Defence Centre (CCDCOE)

NATO CCDCOE's mission is to enhance the capability, cooperation and information sharing among NATO, NATO nations and partners in cyber defence.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

Resilient Information Systems Security (RISS)

Resilient Information Systems Security (RISS)

RISS is a research group is in the Department of Computing at Imperial College London.

Second Nature Security (2NS)

Second Nature Security (2NS)

2NS provide vulnerability assessment, penetration testing, security audit, application and network security and secure software development processes.

ICS2

ICS2

ICS² is the first cyber security company focusing on protecting the control system of power, oil, gas, and petrochemicals plants.

Digi International

Digi International

Digi is a leading global provider of mission-critical and business-critical machine-to-machine (M2M) and Internet of Things (IoT) connectivity products and services.

Italtel

Italtel

Italtel is a multinational ICT company that combines networks and communications services with the ability to innovate and develop solutions for digital transformation.

ChainSecurity

ChainSecurity

ChainSecurity provides products and services for securing smart contracts and blockchain protocols and conducts R&D in the areas of security, program analysis, and machine learning.

CONCORDIA

CONCORDIA

Concordia is a Cybersecurity Competence Network with leading research, technology, and competences to build the European Secure, Resilient and Trusted Ecosystem.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

ActiveNav

ActiveNav

ActiveNav provide dark data discovery solutions for compliance and information governance.

DataNumen

DataNumen

The fundamental mission of DataNumen is to recover as much data from inadvertent data disasters as possible.

Tesserent

Tesserent

Tesserent (formerly Pure Security) is a full-service cybersecurity solutions provider. We partner with clients across Australia and New Zealand in the protection of their digital assets.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

ORS Consulting

ORS Consulting

ORS Consulting is a specialist provider of risk management advisory services supporting asset-intensive industries such as chemicals, energy, power and utilities, defence and maritime.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.