Shape your Cybersecurity Strategy with Insights from the Ground

Digital is invading every industry. So are hackers and cyber criminals. Advanced technologies are building a world that’s modern, always connected and – vulnerable.

A digital business is continuously buzzing with interactions – between people, devices, applications and data and not just within the enterprise. Customers, partners, employees and suppliers are talking to each other using applications that could be anywhere from the cloud to the mobile, on-premise or off-premise. The security of the enterprise is no longer limited to its perimeter but expands to a wider environment where the number of attack surfaces are too many and sometimes too easy for a smart attacker.

The importance of cybersecurity cannot be emphasized enough but what exactly is the ground reality? Who at an enterprise level drives the cybersecurity agenda and does it align to the business goals? Why have the best of the cybersecurity strategies failed in the past? Do the technologies that help us build security also bring their own set of susceptibilities? Is every industry exposed to the same threats?

Cybersecurity Realities

To get a feel of the cybersecurity landscape, we decided to speak to nearly 900 executives from firms belonging to 12 different industries across United States, Europe, Australia and New Zealand. Each of these firms had annual revenues exceeding $500 million so their stakes are high. And they collectively provided us with answers that throw great insights and helped us come up with our own perspective on how we can approach the challenge of digitally safeguarding enterprises to ensure that they not only become secure by design and scale but also secure the future.

While you can read the complete study titled ‘Assuring Digital-Trust’ for a deep understanding of the subject, I would like to share a few interesting takeaways from the report that are worth noting.

As a CISO, it’s heartening to note that nearly 83% of the enterprises consider cybersecurity as critical which is reiterated by the fact that 66% of them had actually implemented a well-defined enterprise-wide strategy. A CISO’s job is getting easier with 50% of corporate boards already invested in the idea of having a strong cybersecurity strategy. And this isn’t just limited to any particular industry or geography.

At this point the discussion is moving to ‘what’ are the top most cybersecurity concerns facing enterprises and ‘how’ to address them. While 84% of them are worried about hackers and 75% of them are anxious about corporate spies and theft, it is not surprising to note that even unaware employees (76%) are causing nearly the same concern.

Standard security solutions deployed by enterprises include those that cover risk and compliance, encryption, incident management, identity management etc. Our study revealed that 66% invested in risk and compliance, security incident management and security awareness training and 64% of them in encryption and cloud access security brokers. Different industries are investing in different aspects of security depending on the risks they are exposed to. For instance, banking, financial services and insurance handle a lot of sensitive data and worry about compliance breaches. For them risk and compliance and intrusion prevention systems are critical. While manufacturers are more interested in protecting their assets and data particularly if they run a smart factory and are likely to invest in IoT security.

Often enough point solutions are implemented either as an afterthought or as response to immediate threats. This limits sharing of intelligence with no single unified view of the security posture and makes cybersecurity strategies lopsided.

As a result, businesses are realizing that they are getting exposed to risks that their current strategies are unable to cover. In addition, technological changes and lack of skilled personnel keep them struggling further.

The new cybersecurity strategy: Secure the future with design and scale

Cybersecurity needs to change from being compliance focused or a collection of point solutions to being an integrated solution with security embedded in the early stages of the business lifecycle for a more holistic approach that makes the organization agile and responsive to new threats arising from the ever evolving business environment.

Organizations need to be a step ahead of the technological advancement by working with experts who specialize in providing security solutions, by enabling threat intelligence feeds, by educating their employees and building a security oriented culture.

As a technology service provider, Infosys, believes technology can play a big role in bringing the right combination of cybersecurity capabilities, control, measures and even the culture to not just prevent incidents but to predict and respond proactively with the right measures and build resilience and business confidence.

An organization can be secure by design by embedding the concept of security at every stage of the business lifecycle by design principles thus maximizing visibility of threats, impact and resolution and minimizing risks. It can be secure by scale by building a resilient cybersecurity program built on AI and ML based integrated cyber security platform combined with industry insights and a skilled employee base. And lastly and most importantly, it must secure the future by continuously adopting newer technologies and innovative approaches to creating solutions that can help them stay ahead of threats.

I urge you to read the market research ‘Assuring Digital-Trust’ for a good understanding of the cybersecurity landscape and navigate to a secure future with success.

About

Vishal Salvi is Chief Information Security Officer and Head of Cyber Security Practice, Infosys.

https://www.linkedin.com/in/vishalsalvi/

Source:

https://www.infosys.com/insights/cyber-security/cybersecurity-strategy.html