CONTACT US
Please enter your name. Please enter alphabets only for Name. Please enter Organization. Please enter valid email id. Please enter Phone number. Please enter numeric only for Phone number.By Happy Blob On 1 Mar 2017
This blog is published by
Happy BlobIs there any point to which you would wish to draw my attention?’
‘To the curious incident of the dog in the night-time.’
‘The dog did nothing in the night-time.’
‘That was the curious incident,’ remarked Sherlock Holmes.
― Arthur Conan Doyle, Silver Blaze
Do you know what your weak spot is?
I would like to think that I don’t have any, but am sure I could definitely use a shield for security, given that am a mass of blob. Cybersecurity is like insurance; you think you don’t need it and so don’t bother with it. But when disaster strikes, you wish you had taken the precaution.
Cyber attackers know how to spot weaknesses in a company’s firewall from a mile away. They can practically sniff it out. It’s like they have a sixth sense about it. Some of the cyberattacks have been at high profile institutions such as Starwood, Hilton and Hyatt Hotels not to mention the ransomware attacks on health insurer Anthem. The hackers just love online financial services and lending companies; the fraud has cost consumers as much as 8 billion pounds in 2016, according to ThreatMetrix. If I got a dime for all the times I screamed ransomware to Sherlock-like IT Security guy, I would be very rich by now.
In 2016, email and password combination of a whopping 117 million LinkedIn accounts were dumped online. Closer home, 3.2 million debit cards were compromised close to the end of last year in what is probably the biggest breach this blob has seen in the country in recent times. It had the top five banks scrambling to get their customers to either replace the cards or change the security codes. While the breach originated from malware introduced in systems of Hitachi Payment Services, which provides ATM point of sale and other services to Indian banks, it showcases how ill-prepared Indian banks and corporates are.
Well, guess what? For shizzles, we don’t know anything yet. These cyber sneakers (that’s what they do right..they sneak up on you!) are so creative that we will have to start thinking out of the box to be able to beat them at their own game. Before just like any other game, we need to first analyze them. Find their strengths. And their weaknesses. They may have won the battle, but we will win the war!
In the current landscape, CISOs face numerous challenges. The Internet of Things has just opened a Pandora’s Box and it won’t be long before it resembles the sets of ‘Jumanji’. I would love an IoT upgrade, you know! I always wanted to be ‘smart’. Okay, we are digressing! Some of the top challenges faced by CISOs are:
You know what they say about chains—A chain is only as strong as its weakest link. And employees are a weak link. They are the first line of defence. You may have the best security technology, but it won’t do squat if employees give away data on social networks, messaging apps or through their own less secure mobile devices. According to the latest research by Wombat Security Technologies Inc. and the Aberdeen Group, security awareness and changing employee behavior can reduce the risk of a breach by up to 70%. So, how do you prepare your staff for an emergency that could well hit just about any time? Drills. Ya, I know I hate drills too! But, tackling cybersecurity has to become second nature at all levels. It is no longer a problem for just the IT staff. Teach your employees to become the eyes and ears! Communication, threat assessment and risk mitigation should be the basis for any cybersecurity drill.
We have been more connected than before, but that does not necessarily lead to good communication. Even with the explosion of data-enabled devices, organizations are still relying on traditional security technologies such as anti-virus, firewalls, intrusion detection systems etc to combat cyber sneakers. According to Morgan Stanley Blue Papers, “Unfortunately, more security doesn’t necessarily mean better security. In fact, the current strategy of most organizations—layering on many different technologies—is not only proving ineffective, it is overly complex and expensive.” It’s not just the measures, the departments too are not in sync with each other. Like Target’s pre-Christmas data breach of 2014. One of the major factors that led to the data breach in Target was that the security functions were split among a variety of executives. So what, you ask? Well, you see what happens in such a scenario is that often people end up working in silos like the right hand does not know what the left hand does. The lack of coordination on data security policies and management can cripple the system and often delay finding the root cause of the breach and thereafter the solutions. There is no integrated approach to the cybersecurity problem and often companies are caught with their pants down, Blob thinks. Even Gartner agrees. It predicts that more than 80% of organizations will fail to develop a consolidated data security policy across silos, leading to potential non-compliance, security breaches and financial liabilities.
Lack of technology expertise is an issue that has often cropped up in organizations, even more so on the boards. Most board members do not have a technology background. According to Deloitte, “With the average age of board members exceeding 50, there is often a lack of understanding of context as a CIO is briefing the board. It is, therefore, beneficial for the board to have a member with significant technology experience.” By the way, did you know that 91% of board members are unable to interpret a cybersecurity report? That’s not the worst. About 40% of executives admitted that they didn’t feel responsible for the repercussions of a cyberattack. Wow! Accountability certainly went out for a walk. Also, there is too much dependence on third party security consultants to periodically review and assess the organization’s security strength. Often the CTOs are qualified to address what kind of technologies will help business continuity, but the landscape of cybersecurity threats is changing so often that the CTO won’t be able to keep up with all scenarios. Hence, third-party consultants are needed to do a more thorough analysis of the cybersecurity loopholes.
Companies around the world are losing $445 billion due to cybercrime last year, according to an estimate by the Center for Strategic and International Studies. CISOs rely on compliance for driving information security in companies, but it does not always sync with business strategy. The traditional route may promote better management support, but it will affect the maturity rating of the cybersecurity program. As articulated by Kris McConkey, PwC’s lead for cyber and insider threat intelligence, detection and incident response, “One of the failings of the security industry or rather the industry as a whole is that we’re effectively taking all the same business processes that we’ve been using for the last 20-30 years, and trying to add more and more layers of technology on top to patch all the holes.” One can fix the issue by developing an information security framework that will integrate with the business.
Data breaches will continue to escalate and organizations, irrespective of the size or industry, will need a new mindset to take up the challenges of cybercrime. CISOs will need to convey the cybersecurity risks to the business in terms of what they can understand. The good news is you don’t need a Sherlock Holmes to either identify or solve any of these issues. What we need is a culture of security. And what you also need is an integrated threat detection and response across multiple layers of enterprise IT, removing siloed approach to security. You might want to check this white paper out too, Every CISO’s Guide To Cyber Risk Protection, where my friends tried to provide a plan on how to Automate, Accelerate and Orchestrate your threat defense lifecycle. After-all, the current scenario demands an integrated cyber risk management approach to tackling all cyber security risks and threats in the cyber space.
Like Sherlock Holmes says, “There is nothing more deceptive than an obvious fact” and cybersecurity is one such obvious fact.
No related posts.
I am Blob. Happy Blob. Sometimes my friends also call me the Blabbing Blob, though I have nothing to do with the 2009 game of the same name! Just that I love technology and I am a blob of imagination of my friends at Happiest Minds, who created me. Let us all agree that I was born to blog and blab on technology. :-) (Blog. Blab. Blob. Now say it 5 times!) And since you are reading this, I presume, you love technology too. So, friends? Every week, I am going to write stuff about things I follow (very) closely, all that jazz, Cloud Computing, Big Data, IoT, Cyber Security etc. Just for you. And you can join me in the conversations here. [email protected]
Happy Blob I am Blob. Happy Blob. Sometimes my friends also call me the Blabbing Blob, though I have nothing to do with the 2009 game of the same name! Just that I love technology and I am a blob of imagination of my friends at Happiest Minds, who created me. Let us all agree that I was born to blog and blab on technology. :-) (Blog. Blab. Blob. Now say it 5 times!) And since you are reading this, I presume, you love technology too. So, friends? Every week, I am going to write stuff about things I follow (very) closely, all that jazz, Cloud Computing, Big Data, IoT, Cyber Security etc. Just for you. And you can join me in the conversations here. [email protected]
Read other blogs by Happy Blob
These blogs might interest you
by Padmini Sridhar on 28 Jun 2024
by Kedar Bhade on 25 Jun 2024
by Senthil Kumar A L on 24 May 2024
by Arjun Surendra Shravani MR on 3 May 2024
Tag Cloud
Subscribe for blog updates
Technology Focus
News & Events
RESOURCE CENTER
ABOUT HAPPIEST MINDS
Happiest Minds enables Digital Transformation for enterprises and technology providers by delivering seamless customer experience, business efficiency and actionable insights through an integrated set of disruptive technologies: big data analytics, internet of things, mobility, cloud, security, unified communications, etc...
© Happiest Minds 2024 Terms and Conditions Privacy Policy