Cybersecurity reimagined for the CISO
Despite the technological innovation taking place, companies would do well to remain focused on ensuring their IT fundamentals are in place before rushing to capitalise on the latest trends. And nowhere is this more critical than when it comes to cybersecurity.
Global cybercrime is expected to cost businesses more than $6 trillion by the end of next year, up from $3 trillion in 2015. It therefore remains one of the most significant challenges as digital transformation continues to gain momentum and the cloud becomes part of standard business operations.
Fortunately, companies are taking the protection of their data and networks seriously. Worldwide spending on information security solutions is anticipated to grow at a five-year compound annual growth rate of 8.5% to reach $170.4 billion by 2022.
In this environment, the role of the Chief Information Security Officer (CISO) will continue to gain in importance. For them, it is as much about having the technical expertise as about understanding a company’s operations, in order to define security priorities from a strategic, operational perspective.
Considering how critical data and its analysis are for the success of a business, irrespective of size and industry sector, the CISO provides the much-needed link between the technology and the organisational goals.
Cybersecurity requires more than just an endpoint approach. It is reliant on being integrated into all aspects of the company. With data breaches at an all-time high, there is no choice but to think differently about how best to safeguard sensitive information.
The recently published Cisco 2020 CISO Benchmark Report examines insights on best practice, trends on security technologies, and insights on the impact of breaches. One of the trends identified is how organisations are consolidating the vendors used in this regard. Most businesses (86%) use between one and 20 vendors, with 13% using more than 20.
The days of relying on a myriad of vendors, each specialising in different aspects of cybersecurity, are gone. Decision-makers suffer from vendor fatigue and want to reduce the complexity of their digital environments. With multi-cloud environments a practical reality, companies are focusing on how to get the best returns out of their technology investments. And when it comes to cybersecurity, this will result in an integrated manner of dealing with all possible entry points of attack.
The Cisco research shows that this has also had an impact on the outsourcing approach of companies. In part, this has grown, with cost efficiency and faster responses to incidents being primary drivers for going the outsourcing route.
The nature of data means companies can ill afford to have weeks, and even months, go by without detecting breaches. The financial repercussions are too significant. There is combined pressure from the regulatory environment and customers who will migrate their business to service providers that deliver improved security.
Therefore, the CISO will focus on breaking down the traditional silos of cyber defences and look at more efficient ways to have complete oversight of their security environment. Different solutions in different departments will no longer be good enough. It is about accounting for the entire organisational approach to cybersecurity and data management and building a cybersecurity strategy around that.
Investments in cybersecurity have always been a balancing act between delivering on what is required and the practicalities of implementing solutions. Having clear cybersecurity outcomes will drive decision-making as the digital approach will remain fundamental in the years to come.