sb-nz logo
Story image

Major service failures on the way

​The inability of IT security teams to manage digital risk will lead to 60% of digital businesses suffering major service failures.

That’s the harsh warning from analyst firm Gartner, who says as organisations transition to digital business, a lack of directly owned infrastructure and services outside of IT's control will need to be addressed by cybersecurity.

"Cybersecurity is a critical part of digital business with its broader external ecosystem and new challenges in an open digital world," says Paul Proctor, vice president and analyst at Gartner.

"Organisations will learn to live with acceptable levels of digital risk as business units innovate to discover what security they need and what they can afford,” he explains.

“Digital ethics, analytics and a people-centric focus will be as important as technical controls."

Gartner has identified five key areas of focus for successfully addressing cybersecurity in digital business:

  • Leadership and Governance — Improving leadership and governance is arguably more important than developing technology tools and skills when addressing cybersecurity and technology risk in digital business. Decision making, prioritisation, budget allocation, measurement, reporting, transparency and accountability are key attributes of a successful program that balances the need to protect with the need to run the business.
  • The Evolving Threat Environment — IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. Gartner predicts that by 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30% in 2016. Organisations need to detect and respond to malicious behaviors and incidents, because even the best preventative controls will not prevent all incidents.
  • Cybersecurity at the Speed of Digital Business — Digital business moves at a faster pace than traditional business, and traditional security approaches designed for maximum control will no longer work in the new era of digital innovation. IT risk and information security leaders must assess and transform their programs to become digital business enablers rather than obstacles to innovation. Organisations that are able to successfully establish an ecosystem that balances protecting and growing the business will remain competitive and in a position to address cybersecurity threats.
  • Cybersecurity at the New Edge — It used to be easy to protect data because it resided in the data center. The new edge has pushed far beyond the data center into operational technology, cloud, mobile, SaaS and things. For example, by 2018, 25% of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls. Organisations need to address cybersecurity and risks in technologies and assets they no longer own or control. Business unit IT is a fact in most modern enterprises, and it will not be shut down by cybersecurity and risk concerns. It must be embraced and managed to deliver appropriate levels of protection.
  • People and Process: Cultural Change — With the acceleration of digital business and the power technology gives individuals, it is now critical to address behavior change and engagement — from your employees to your customers. Cybersecurity must accommodate and address the needs of people through process and cultural change. People-centric security gives each person in an organisation increasing autonomy in how he or she uses information and devices — and what level of security adopted when he or she uses it. The individual then has a certain set of rights in using technology and is linked to the group in the entire enterprise. The individual must also recognise that if things go wrong, it will have an impact on the team, group and business.
Story image
Video: 10 Minute IT Jams – A glimpse inside a ransomware cell
This is our second IT Jam with SonicWall senior manager of product marketing Brook Chelmo, and in this video Brook walks us through his one-on-one experience with a member of a ransomware cell. More
Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More
Story image
SOC as a Service: Fortinet’s answer to today’s network challenges
Jon McGettigan, Fortinet A/NZ Regional Director, explains how SOC as a Service can back up your current SOC team, fast-track deployments and ensure regulatory compliance.More
Story image
Why IT and HR must work together to help businesses weather the storm
Employers are striving to balance team productivity, security and employee engagement. If remote work is the new norm, it’s impossible to ignore the challenging nature of the situation, writes Gigamon manager for A/NZ George Tsoukas.More
Story image
BlueVoyant acquires Managed Sentinel, builds out Microsoft MSS offerings
“Combining Managed Sentinel’s Azure Sentinel deployment expertise with BlueVoyant’s MDR capabilities will help customers operationalise and maximise Microsoft security technologies."More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More