04.13.2017Enterprise Tech

3 key shifts in the security landscape

By: John Loveland
Staying ahead of cybercriminals means taking a proactive security approach.
Mr-Robot-Cybersecurity-1280x720.jpg

In recent years, we have seen a dramatic change in how businesses are using technology to achieve their objectives. The digitization of workflows and the transformation of IT systems have significantly impacted business models, and are placing unprecedented demands on IT infrastructures. The explosive growth of mobile devices, migration to cloud, emergence of Internet of Things (IoT) and Software Defined Networks (SDN), have opened the doors to better customer experiences and greater access to information throughout the business ecosystem.

However, this increased access has magnified the cyber battlefield and lead to new and greater security challenges. It has generated more targets for potential attacks and made organizations more vulnerable than ever before. Security concerns now touch every part of the business and have revealed skills shortages in departments that didn’t even exist a couple of years ago. Combine this with the growing list of complex regulatory and compliance environments organizations must adhere to, and we witness the growing security pressures of the digital age.

Fear, uncertainty and doubt’, the initial concerns of IT security, have now evolved to not just encompass IT risk, but reputational risk as well. Security is now a board-level concern, and the responsibility of every employee and supplier

The widely documented breach at Sony in 2014 put cybercrime at the top of the business agenda. Organizations realized that a breach, compromise or attack could have a major impact on business performance, brand perception and – most importantly – the financial bottom line. Security became an enterprise-wide issue that needed addressing, and managing risk has become a business priority.

Since Sony, IT security has evolved dramatically. Three key shifts have taken place:

  1. Security’s outreach has increased.
    No longer just the concern of the IT geek in the back room, security now impacts everyone and has an expansive view. Its horizon is absolutely linked to business operations – whether local, regional or even global – and every department it touches. It has the power to break down the silos that enterprises often operate within; increasing interaction across departments, so that assets that need protecting are identified, reducing the impact of a future attack. However its reach stretches beyond the confines of the core of the business, out to the edge where data (held in the cloud, on mobile devices and generated by IoT) is in transit and potentially a moving cyber target. Adaptive enterprises are leveraging digital transformation, and that impacts how they also use security – linking it back to business objectives; enabling disruptive business models such as mobile banking, and strengthening their focus on cyber threats.

     

  2. Security is built into innovation.
    IT security is no longer a barrier to change, hindering the adoption of new processes and the adaption of innovative technologies. In fact, security is front and center in the new digital world. It is accelerating ‘speed of service’; embedded in Software Defined Networks (SDN); enabling wider, seamless and secure access to data in the IoT and much more. Security is now a pre-requisite, built into new technologies and devices from the outset.

     

  3. Security has to be responsive, agile, and intelligent.
    Speed and agility are not the only assets IT security needs to harness. It also needs to act smarter and be more effective, often in the face of reduced budgets. Managing security in the digital world involves the gathering, synthesis and analysis of security data as standard. It’s no longer just about the data, but what the data can tell us. Those providers that can leverage insight, intelligence services within a global network view will be at the forefront of the next generation of security services, improving cyber threat visibility and mitigating risk. This will separate the security intelligence provider market into those who just collect data, and those with the foresight and expertise to deliver intelligent insights.

What does the future hold?

We might not have a crystal ball, but we do know that innovation and digitization will not stop. They will continue to grow at an exponential pace, and remain crucial for business success. For businesses to stay relevant now and in the future means embracing new technologies, defining strategies that deliver (and exceed) on customer experience, and taking a proactive security approach.

Verizon’s 2016 Data Breach Investigations Report shows that the same threat tactics are still effective in infiltrating data, because many organizations are missing foundational security tools and processes. Faced with the daily threat of cybercrime, businesses can’t be reactive anymore – there is too much at stake.

When looking for a security partner, organizations need to choose one that can demonstrate the ability to detect, respond, mitigate and prevent threats. They need complete visibility – geographically, across the network and into dark net activity. They also need the experience to identify threats before they come knocking on the door. Verizon has investigated thousands of cybercrime cases over the past 20 years, and we know that attackers are persistent and continuously improve their skills. We understand their techniques and procedures, and use this knowledge to educate and protect our customers. It is important to remember that no organization – of any size, across any vertical – is immune to cybercrime.

About the author(s): 

John Loveland is the Global Head of Cyber Security at Verizon. He is a seasoned technology industry executive and leader with experience working with public, private, start-up companies and governmental agencies. John has led global teams in the delivery of cyber security, data privacy, compliance, and e-discovery, and enterprise content management solutions for clients.