It is time to change attitudes and approaches to cybersecurity, data protection, and business risk. The cyber-threat fraternity have upped their game; stealing credit card and banking credentials is no longer enough. Advanced, persistent, and targeted threats have become more frequent and effective, and state-sponsored attacks are backed by the resources and skills to breach or take down most business systems. However, while all these headline-making activities are taking place, a significant proportion of security breaches continue to be caused by low-grade, off-the-shelf malware. To improve security across all business operations, Ovum recommends that organizations take a more inclusive approach to cyber-threat protection.
Ovum's 2016/17 ICT Enterprise Insights survey continues to show that managing security, identity, and privacy is a top priority for chief information officers (CIOs). However, few organizations are completely satisfied that they are doing enough to keep all their users, data, and business systems safe. In the most recent security and protection survey that Ovum conducted, 92% of organizations were looking to increase or maintain current levels of spending on security in the years ahead.
Keeping business systems safe is difficult, and things aren't going to get any easier in the foreseeable future. Because organizations face attacks ranging from opportunistic hacking with pre-built tools to highly skilled, state-sponsored cyber activity, keeping data and users protected is increasingly difficult.
No one is immune. Any public or private sector organization can be targeted, and even the best-protected government and business systems can be and have been breached. Advanced persistent and targeted threat activity is becoming more difficult to detect and defend against. This situation also feeds down into lower echelons of the cybersecurity threat chain, where similar, off-the-shelf versions of high-quality cybersecurity tools are being made for use against ordinary business systems. Across all types of business, this requires organizations to fundamentally shift their approach to security from a mainly static, defensive posture to one of seeking out the threats and taking positive actions before, during, and after attacks and security breaches take place.
Straight Talk is a weekly briefing from the desk of the Chief Research Officer.