Hackers cripple a movie studio’s computer system and threaten employees. Organized crime rings steal credit card information from retailers and banks about hundreds of millions of customers. Hacktivists are taking down government and corporate sites. When it comes to security, we’re in an entirely new world.
- 82% of security execs say the very definition of security has changed in the last three years, according to IBM’s third annual study of Chief Information Security Officers.
- 59% say the sophistication of attackers is outstripping their own defenses.
- 62% strongly agree that the risk level to their organization is increasing because of the number of interactions and connections with customers, partners and suppliers.
Open networks are common in business today — and present new security threats. Meantime, mobile, the cloud, and big data — key trends propelling innovation, customer engagement, and new business insights — are only intensifying these new challenges.
What’s a distributed, interconnected, data-dependent world to do? The answer is clear. Security leaders need to start securing ecosystems rather than just their own organizations. Protection through isolation doesn’t cut it anymore. On their own, organizations can’t do enough to improve the security of an economy based on networks. They have to work together.
It’s a step that security execs know they need to take. Right now, only 42% of organizations that we interviewed are members of a formal industry-related security group. But a whopping 86% believe those groups will become crucial during the next three to five years.
While more than 70% of these execs told us that they have a mature handle on traditional threats such as network intrusion, the newer areas of data, cloud, and mobile security need dramatic transformation. For instance, only 45% of security leaders report that they have an effective mobile device management approach in place.
Based on today’s realities, our study pinpointed four things organizations can do now to fortify their defenses. Here are four recommendations:
1. Get involved outside your company: Our economy is based on connecting with customers, suppliers and partners, and with data. That situation increases everyone’s level of risk and increases the need to work together. Figure out how to assess each other’s security: How can you best build trust in one another and broader ecosystems? Consider industry groups as a critical way for communicating good ideas. This is especially important because only 14% of security execs think a standardized way for assessing and quantifying risk will be widely used during the next three to five years.
2. Improve education and leadership skills: Security leaders told us that these areas were the skills they needed to work on most in the near term. Technology skills continue to be crucial, but remember to build core business skills as well because techies are doing much more than just handling IT these days. Your team needs to understand the role security plays strategically throughout your organization.
3. Shore up cloud, mobile, and data security: When it comes to the tsunami of data you’re facing, don’t get overwhelmed, concentrate first on building up protection of your most critical assets. To free up resources to focus on these newer areas, think about which of your capabilities are mature enough to delegate or outsource. Then prioritize cloud, data and and mobile security. For instance, as more devices become connected and the promise of the Internet of Things becomes a reality, the challenges of mobile security will skyrocket.
4. Be ready for different government scenarios: While it’s clear that regulations, standards and compliance will continue to be major factors, the picture gets more foggy on how they will exactly. Make sure to talk regularly with your chief privacy officer and general counsel. Nearly three-fourths of respondents say customer privacy is increasingly a topic of discussion with their business leadership, yet only 9% put the CPO as one of their their top three strategic partners.
Protecting an organization’s security will not get easier. However, the increasingly complex threats over the past decade have resulted in a higher class of security leaders, capable of charting their organizations through a persistent series of acute risks. By addressing the dangers to business, security leaders can help to provide an environment where an organization succeeds — no matter what challenges occur.