“A major concern for CISOs is detecting the exact time of an attack and understanding the extent/damage caused due to the attack.”
Kamal Brar, Vice President and General Manager, APAC, Hortonworks
Another important fact is the economic asymmetry of attacks: it costs too little to attack and too much to defend. Efficiency, automation and machine learning can be powerful weapons to redress this imbalance. “Deploying modern data technologies to aggregate and automate activities like alerting, threat hunting and response orchestration will allow security teams to rise above simple fire-fighting,” suggests Hortonworks’ Kamal Brar. Gemalto’s Rana Gupta believes it is often weak, static credentials that are exploited to gain unauthorized access to resources or to carry out a full-blown data breach, and that businesses looking to take a privacy-first approach must control access: “Establishing strong, two-factor authentication to any resource that holds value will eliminate this vulnerability.”
An effective defense is built on a dynamic cybersecurity platform that is both open and integrated. McAfee’s Anand Ramamoorthy states, “Now, more than ever, the ‘new threat, new widget’ approach must evolve. The role of the CISO should be looking at ways to leverage security and privacy in a fashion which addresses consent, transparency and value.”
“By deploying security solutions just to maintain compliance, organizations are faced with a lack of visibility and awareness.”
Harish Menon, Corporate IT – ISMS & License Compliance, Raychem RPG
People, processes and tools are an integral part of ensuring security compliance. Mobility trends like BYOD have brought a paradigm shift in the way we access corporate information, so a thorough understanding of security essentials is key to safeguarding corporate data on personal devices. That makes security training necessary to help organizations respond rapidly to events. Pluralsight India’s Arun Rajamani adds, “Security Training for IT is essential for the security teams to develop their skills on a range of topics such as security engineering, security auditing, security testing, ethical hacking, network security etc. to proactively respond to security threats and enforce security standards.”
“Organizations are ramping up security professionals with guided learning paths on newer cyber security topics and up-skilling on existing cyber security knowledge.”
Arun Rajamani, Country GM, Pluralsight
Industry veteran Sunil Sharma of Sophos believes all CIOs and CISOs should follow the concept of synchronized security: instantaneous sharing of threat, security and health information between firewall and endpoint, which helps eliminate the manual work of trying to figure out the who, what and when of a compromise. “A 360-degree analysis and response mechanism should be adopted which shows where the attack came in, what it affected, where it may have stopped and recommended actions to prevent a similar attack in the future,” he adds.
With more and more companies relying on their information technology infrastructure to grow in a competitive environment, cyber threats have been increasing, which has forced businesses to re-examine their security infrastructure to better protect their environment. Today’s environments demand that security teams adapt systems and applications to an automated yet stringently controlled process. The aim of any organization should be to redefine its security approach keeping all the components of the business in mind. Trends like mobility, cloud and the third platform have signaled a paradigm shift in how enterprises of all sizes function today. Data is gold and at the heart of any process, no matter how big or how minuscule for the organization, and it is imperative to identify and secure critical.
Systems have changed from traditional perimeter security to human-centric and holistic security concepts based on complete visibility, machine learning, automation of threat detection and response, and collaboration among different tools working in tandem to ensure an organization is free from disastrous breaches or attacks. In a highly competitive corporate environment where IT and digital are the new enablers, they are also the most vulnerable areas for organizations in terms of business impact. Leveraging digital without enforcing a well-thought-out security strategy is a sin in today’s security landscape. Cybersecurity strategy is now on par with strategies for any other business area. It would be a crime in itself for any organization going digital, big or small, to neglect security today.