Top security personnel concerns
According to the KPMG CIO Survey 2017, around 18% of CIOs in India faced a major security incident in the past two years. Thousands of new vulnerabilities are disclosed every year, and it is a mountainous task for enterprise security teams to know which ones need immediate mitigation. This has become a major challenge for InfoSec teams everywhere. Ravinder Arora, Head – Information Security, IRIS Software, explains the issue at hand: “As no security team has the resources to patch every single one and even if they did, they’d still need to identify and address the most critical ones first. Not all vulnerabilities are created equal with some just being trivial, while others can be disastrous. Pinpointing the software that must be patched with the greatest urgency is essential. Unfortunately, many organizations lack a precise, strategic, automated and systematic process for prioritizing their vulnerability remediation work. As a result, hackers constantly exploit common vulnerabilities and exposures (CVEs) for which patches have been available for weeks, months and even years.”
“Enterprises today are struggling with network blind spots caused by increased encrypted traffic on their networks and migrations to public and private cloud environments.”
Bhaskar Agastya, Country Manager, Sales - Ixia
Another key concern for today’s ITDMs is the lack of the right tools and solutions deployed by the organization. As Harish Menon, Corporate IT – ISMS & License Compliance at Raychem RPG, observes, “The primary point that every cybercriminal looks for to access an organization’s system is through an ignored gateway. The organizations typically understand the importance of vulnerability and risk management, but simply lack the proper tools and adequate staff to do an excellent job at it. By deploying security solutions just to maintain compliance, organizations are faced with a lack of visibility and awareness.”
Undeniably, though, one of the biggest issues is the lack of cybersecurity talent available to Indian enterprises. As per a recent McAfee Cloud Report, over 50 percent of organizations reported a lack of cybersecurity skills resulting in slowed adoption of cloud services, possibly contributing to the increase in shadow IT activities. 36% reported that they are experiencing a scarcity but are continuing with their cloud activities regardless. In the current cybersecurity landscape, enterprise InfoSec teams aim to ensure their users and critical business data are protected everywhere and to have the ability to respond to threats as quickly as possible. “Enterprises would like to understand how, when and why people interact with data – and where this information travels,” Surendra continues. “Often questions like ‘How can we increase the agility of our cybersecurity systems and processes?’, ‘How can we monitor and protect our critical data that is inside and outside the perimeter?’ and ‘How can we quickly respond to a breach?’ come up while interacting with CISOs.”
“We have witnessed a paradigm shift in the cybersecurity discourse among enterprises with major emphasis being laid upon security preparedness and correctness.”
Anand Ramamoorthy, Managing Director, South Asia, McAfee
Another top concern for CIOs and CISOs today is the business and customer aspect, with the C-Suite tag now attached. Ixia’s Bhaskar Agastya explains, “Based on our interaction with CIO/CISOs, we witness that they are concerned about a loss of reputation and vote of confidence amongst customers.” He adds, “The other concern for CISOs is detecting the exact time of an attack and understanding the extent/damage caused due to the attack. To quantify an attack both in terms of loss of revenue, marginal cost, opportunity cost and reputation/brand is a complex process. It is therefore imperative to know when the attack occurred and not be oblivious to the situation.” Hortonworks’ Kamal Brar supports the trend: “Enterprises want to protect their customers and themselves against sophisticated cyber-attacks while balancing customer experience and satisfaction through data-based personalization. Security is now as much about keeping the lights on and the business functioning as it is about preventing theft. Insider threats and behavior analytics are also increasingly important topics.”
“Compromising the security of their data could undermine both the system and the trust that individual customers have in the products and services.”
Rana Gupta, Vice President, APAC Sales Identity and Data Protection, Gemalto
Way forward for CIOs and CISOs
Since there is no defined line that indicates the threshold of breach resistance an organization possesses, it is a harsh but universally accepted truth that there is no exact antidote for security. The aim should be to organically build a culture of secure functioning; an effective program that educates employees is necessary, as recent attacks have stemmed from phishing. “This has resulted in the need for institutionalization of a secure action plan gaining momentum. Specifically, CISOs need to work to enable secure work environments that limit an organization’s risk profile; without placing undue restrictions on the ways people work,” Citrix’s Joshi adds. With the proliferation of mobility, businesses are becoming perimeterless, with an increasing need to secure critical data as it moves to the cloud and spreads across an array of systems and devices. As per Forcepoint’s Surendra Singh, “The CISOs can do so by adopting a human-centric security approach to understand the rhythm of people in the organization and flow of critical business data and intellectual property – wherever it may reside.”