The key to understanding how much the organisation should invest in shoring up its defences is to assess the potential cost of successful attacks.
Editor’s question
The businesses that are most disrupted by cyberattacks are those that opt for a reactive, rather than a proactive approach to security. Akin to insurance, these organisations struggle to justify security investments and consequently delay making these until it’s too late. At this point, their IT teams are in the eye of the storm and are forced to shelve all other initiatives. Innovation understandably takes a back seat until the impact is contained and regular services restored. And because full recovery is never guaranteed, there is no set precedent for how long innovation could be sidetracked.
The far more sensible approach is to accept that cyberattacks are inevitable. Organisations should ‘shift left’ – embedding security into every process, architecture and system from the outset. Making security a foundational aspect of the IT paradigm not only eliminates the inefficiencies, stresses and other shortcomings of the reactive approach, it also allows systems to be designed with usability in mind – whether for the operators of the system or the end customers. This largely eliminates friction, which can cause even the most well-intended measures to be circumvented and rendered redundant. The use of DevSecOps allows for this and ensures security is factored in throughout the whole product delivery life cycle.
Since even the best security infrastructures can be penetrated, the key to understanding how much the organisation should invest in shoring up its defences is to assess the potential cost of successful attacks and weigh that against the cost of the investment to protect. This is ultimately a gamble that will differ from company to company and vary depending on the services being offered.
Embedding security into every system isn’t a finish line either. As attacks are constantly evolving, so too must defences. Systems must be consistently and rigorously tested. Fortunately, CIOs today have a number of powerful AI and automation tools at their disposal. These allow issues to be detected before they are exploited, while advanced monitoring ensures events are rapidly identified and the appropriate alerts are raised. The more scenario planning and simulations organisations run, the better prepared they will be when attacks inevitably occur.
And since attacks are an inevitability, we all need to stay alert. With AI now being used as an attack tool, and as I write this, the advent of Quantum Computing on the horizon, the speed at which threat actors will be able to develop and modify their attacks will only increase with time. Firms need to invest in understanding the emerging threats that new technologies will bring. They need to be horizon scanning for these threats and making sure they have an appropriate risk mitigation strategy to avoid their CEOs being front page news for the next security breach.
On the bright side, if organisations are able to pivot their approach and build in security by default, they can confidently embrace the latest technology paradigms and accelerate forward with their Digital Transformation. It can even become a unique selling point to their customers and internal stakeholders, differentiating them in the market as an organisation that takes security seriously.
DAVID BOAST, GENERAL MANAGER – UAE, ENDAVA
www.intelligentciso.com