Why a proactive approach to cyber security matters
By Walker White
It’s becoming alarmingly common to learn that another retailer or national chain has fallen victim to a cyberattack. Anthem, Target, Home Depot, eBay, Domino’s Pizza and Neiman Marcus all make the list. Less well known are reported cyberattacks against federal agencies, including the U.S. Nuclear Regulatory Commission, the U.S. Postal Service and the White House itself. According to the analyst firm Gartner, worldwide spending on information security approached $71.1 billion in 2014, an increase of 7.9 percent over 2013. But the fact that more is being spent on security does not mean money is being spent wisely. Enterprises and government agencies alike are caught up in a reactive approach to cybersecurity and do not proactively get out in front of threats.
In addition to the shift in the threat landscape, there has been a change in what types of companies are being attacked. Cyberattacks were previously aimed at disruption or theft of intellectual property, but hacks are now increasingly attempts to steal data. This trend makes enterprises and agencies that store data newly vulnerable. Even organizations that formerly saw themselves as irrelevant to cyber criminals – from health care networks to government agencies and e-commerce start-ups – are vulnerable. With the cost of a breach averaging between $3 million and $5 million, nobody can afford to be hit.
Enterprises large and small are becoming aware of these threats. As I previously outlined in an article detailing the top three trends that will dominate government IT, cybersecurity is an aspect of IT that must constantly evolve to meet increasingly sophisticated threats. Many cyberattacks prey on aspects of IT that are easily avoidable, such as 2014’s “Bash” and “Heartbleed” attacks that exploited security holes in out-of-date software that was no longer under manufacturer support. Knowing where holes might appear takes a thorough understanding of your enterprise assets, making the ability to implement an enterprise-wide common IT language enriched with asset data the most foundational way to protect against threats.
This is easier said than done. Before any suite of cybersecurity software or common IT language can be fully effective, an enterprise must have clean, enriched data that allows insight into the system’s contents and architecture. In larger, more sophisticated organizations, departments can become isolated over time on their own IT islands, preventing transparency and increasing their vulnerability. These larger organizations must fight against the tendency to work in silos, a practice that fosters competition rather than collaboration and ultimately carries the financial and security costs that come with vulnerability.
Implementing a common IT language and automated asset management system creates a foundation of transparency that helps enterprises avoid going down this road. This transparency and insight help to leverage existing cybersecurity tools and programs. When a bug does strike, a comprehensive, automated IT catalog allows an enterprise of any size to confidently search for and flag each instance of a potential vulnerability. Having these processes in place before a breach occurs not only helps to proactively protect against threats, but also allows organizations to leverage data effectively, mitigating the effect of an attack.
A common theme at this year’s RSA conference was the increase in proactive security products being introduced. According to an ESG report, 51 percent of organizations plan to add new endpoint security controls as a countermeasure for advanced threats. While nobody knows when or where the next big security breach will occur, or what new virus will leave enterprises scrambling, it’s a breath of fresh air to see that a proactive approach to cybersecurity is becoming the industry standard. Given the average cost of a security breach – and the immeasurable hit a company’s reputation might take – why would you not take a proactive approach?
As President of BDNA, Walker White creates a better way for enterprises to extract value from their existing IT data.