The information era has furnished us with a plethora of data empowering enterprises to provide tailored, differentiated and an enhanced experience to customers through newer channels. In parallel, such developments have also given rise to cyber criminals who attack systems and cause major damages and losses to organizations and their customers. Cyber-attacks orchestrated, often surpass the sophistication levels of technology solutions adopted by companies. CIO’s today must therefore gear up to protect their organizations from such hostilities.
This paper explores the challenges and possible security measures available to organizations that seek the ability to fend off such attacks and ensure data security.
Introduction
According to the 2014 Worldwide Threat Assessment Report, cyber threats top the list of concerns for securing confidential data . Instances of cyber breaches are reported frequently and from across the world. While banks are common targets, there are instances of cyber-attacks aimed at compromising personal data, reported by universities, corporations and governments too.
Despite the frequency of such incidents, organizational response to these attacks remains lukewarm and inadequate. Many CIO’s underestimate the risk and fail to make adequate investment in cyber threat intelligence systems.
It is therefore imperative to drive home to this segment, the need to invest in cyber security to buttress the organization’s safety. Efficient cyber security initiatives must be capable of evaluating BYOD for security risks and policies while balancing data privacy and sharing. The initiatives should also be towards evaluating and auditing enterprise applications that have social and collaboration capabilities and are deliverable on the cloud. In addition to monitoring knowledgeable insiders who could be potential threats a good security system must also, monitor cyber risks from board level executives and have third party service and solution audit capabilities.
Cyber security – A top concern for CIO’s
With increasing instances of cyber breaches being reported, studies reveal greater focus on security measures across organizations today .Enterprises and C-level executives must therefore focus on understanding better the implications of cyber security, and the drivers and the challenges in formulating cyber security before implementing a solution. Improving cyber security is emerging as the top priority of Chief Information Officers (CIO’s) for several predominant reasons:
Apart from gauging the readiness of the business leaders towards owning this issue and identifying teams responsible for developing and maintaining enterprise approach to cyber security measures, it is also for the CIOs to look into the following:
Demand for a 360-degree view – The way forward
Most businesses react to security breaches after they occur as the usual approach to security is based on threats and vulnerabilities identified based on past incidents.
Organizations must shift their approach to a 360-degree view of cyber intelligence focusing on the study of architecture, process, practices and technology to reveal possible vulnerabilities. They need to identify the source (internal or external) of the malware and correlate the data with other threats to predict future vulnerabilities and deal with security issues in a proactive manner.
An effective cyber security framework covers:
A good case in point where cyber intelligence can make a marked difference is the banking and financial services industry. Frequent and sophisticated cyber-attacks in banks subject them not only tor serious threat of monetary loss but also loss of credibility.
Incidences of attacks in banks is higher because of data being distributed across multiple devices, the complicated IT infrastructure and reliance on IT resources outside company’s firewall. According to a report published by Longitude research in 2013, four in five banks have faced cyber-attacks; most commonly spam attacks, closely followed by phishing and Distributed Denial of Service (DDoS) attacks.
The solution to such threats lies in effectively exploiting the large volumes of data in the banking sector to build threat intelligence strategies by developing insights. Frequency of security events, categorizing breaches and incidents as spam, phishing, DDoS, hacking, categorizing of attackers and establishing motivation of attacks is part of the process of improving cyber security efforts.
The benefits
Cyber security measures are essential to prevent unauthorized access to networks, computers and data. Other equally important benefits include:
Implementing a robust cyber security strategy
For an effective cyber security posture, enterprises must look into the following:
Conclusion
There is an overarching need for comprehensive cyber security and controls to defend high-value corporate data. Such a crisis not only requires high-tech cyber security and intelligence monitoring systems, but also a cultural shift at the organizational level with C – level participation.
Cyber security of the future will rely heavily on intelligence and insights. To derive most from cyber security measures, enterprises must develop an intelligence mindset, invest in cyber intelligence technology, and take a 360-degree view of cyber intelligence. Cyber intelligence comprises a spectrum of cyber threat management; tactics that enable organizations to use proactively, smart analytics and monitoring tools. For cyber security and intelligence to work together, enterprises need an organized approach to cyber security, integrating C-level participation, risk management and governance, human factors, business processes, systems, change management, legal and compliance policies, coordination with external entities (customers, vendors, or partners).
Moreover, cyber security concerns do not stop once the organization has set up the charter, processes, systems, and change management. Continuously monitoring and frequently updating processes, systems, and response mechanisms in line with compliance and policies are the key. Finally, in depth understanding of the expectations of the stakeholders in the value chain will enable better coordination to share accurate data (internal and external) by taking an integral path.