Working in the digital era is becoming more collaborative, decentralised and platform-based, but this greater openness is creating new security threats. As the security and cyber security risk landscape is changing and growing, it is essential for organisations to change the way they look at and treat security.
“A successful business-to-security collaboration requires a complete change of culture,” says John McCarthy, regional (UKIIMEA) lead for DXC Technology’s Industry Strategy and Security Transformation Practice. “Security should not be separate from the business, it should be part of it – an integral part.”
Organisations must think of the risks and implications for their businesses if they don’t concentrate on security. What threats are out there? Is it someone cutting your physical internet cables, stealing your data, hacking and leaking your customer’s private information? It’s important to adapt your security controls for next-generation threats, but you should also consider how IT security controls can help the business move forward.
“Take a risk-based approach based on the industry – the outputs for the industry – not concentrating on security,” McCarthy says. “How does security impact the business?”
IT security needs to be fully integrated into everyday activities, McCarthy says. You need an agile approach and decision-making based on what you learn from the security data. This is a significant change in your approach to security: from how you procure security, how you move away from siloes, and how you take the IT security data and strategy into consideration when making business decisions.
So, how should chief information officers and chief information security officers prepare for the emerging security threats? First things first. Assess the potential risks. Could they bring reputational or financial damage? Then find the right protection mechanism and controls. Larger organisations could potentially be targeted more often and by more advanced attackers.
“You’ve got to take your data, you’ve got to run analytics on it, you’ve got to look for the unknown,” says McCarthy. “You’ve got to look for the needle in the haystack. There are no rules, there are no signatures, so you’ve got to take a different posture.”
Understanding what it is that you need to protect your organisation from will dictate the direction you need to go. Find the solution that works best for you and build a strategy, roadmap and culture around it to stay resilient.