22 March 2017
Blogs by author: Ramy Houssaini, Vice President of Security Europe, BT.
Our digital world is thriving. Rapid innovation is radically changing the technology and cyber-risk landscape. New business models relying on cloud and mobile environments are continuously dissolving the traditional perimeter, scattering data everywhere and creating new exposures.
Digital trust is rapidly emerging as the new competitive frontier for enterprises that recognise both the downside risks and opportunities associated with digital transformation. Building and maintaining trust in this digital first contest is critical to the strategy of the digital enterprise.
The security landscape has never been more active, appearing in the news on a daily basis.
Several ecosystem trends are at play that will only reinforce the importance of managing technology and cyber security risks in the digital world.
The demand for digital security will be shaped by a number of trends, but the overarching trend driving all of the others is the adoption of cloud-based services.
- We expect to see cognitive and AI technologies integrated into 70 per cent of enterprise security environments by 2018, enhancing the performance of more traditional monitoring technologies such as SIEM.
- SDN/NFV will become a reality. Virtualised security services will begin to replace on-premise services by 2020.
- Compliance with regulation and increasing consumer concerns for the security of PII will drive adoption of robust security practices across organisations regardless of size. We expect GDPR to be a big driver of this in Europe and the UK.
- There will be a growing need for more integrated threat-prevention solutions that provide a single source of alerts and priorities to act upon in order to increase the speed at which digital enterprise can detect new threats.
With this in mind, digital enterprises will have to adopt a different approach to cyber that secures the interactions between the business-critical digital assets while enabling the free flow of information throughout the enterprise across customers, employees, partners and suppliers.
Managing technology and cyber risks in this context requires adopting and implementing some key principles:
1.Reinvent technology and security to be digital friendly.
- Manage cost and control complexity: Support simplification of the operating model to accelerate digital transformation.
- Reduce technology accumulation: Free resources to respond to value chain disruption and new digital opportunities.
- Leverage existing strengths: Combine core expertise with digital sophistication to create new ways to deliver value.
2.Improve risk transparency.
- Make it evident: Continuous control monitoring should be implemented where and when possible.
- Fix the bad fast: Find vulnerabilities faster and monitor the speed of addressing the issues.
- Invest based on value: Apply the same rigor and diligence to technology and cyber-risk investments as you would to other type of investments. Right spending is more important than the actual investment profile.
3.Focus on what matters.
- Know your crown jewels: Constantly reassess your digital value chain and update relevant inventories.
- Eliminate your blindspots: Control your core activities and reduce spread of third- and fourth-parties.
4.Build resilience and compliance by design.
- Limit the blast radius: Focus on sources of catastrophic losses and contain environments.
- Enable compliance demonstrability: Embrace regulatory intent and deploy proactive regulatory management to anticipate the evolution of external requirements.
- Prepare for an agile response: Continuously test scenarios and activate dynamic response and recovery plans.
5.Take the offensive: Adopt a hunter/gatherer approach.
- Leverage the ecosystem: Collaborate with peers and agencies to proactively hunt adversaries in all locations.
- Build agility: Integrate dynamic threat intelligence to the optimisation of your technology controls.
- Outrun the bear: Disturb the economics of attackers by constantly making it more expensive to attack you vs. peers.
In a digital economy where businesses can reach vastly more people, iterate quicker, and make faster, better decisions than ever before, trust attracts customers. But these same capabilities also amplify mistakes and make exposure to business risk more systemic. That could mean losing customers, market share, and value.
Boards’ recognition of the importance of technology and cyber risks has already spurred cyber-security investment, with global spend set to top $100 billion by 2019, according to Gartner. Now, digital trust is also becoming a boardroom conversation.
To gain the trust of individuals, ecosystems, and regulators in the digital economy, businesses must possess strong technology and cyber-risk management at each stage of the customer journey. And new products and services must be secure-by-design.
Businesses that get this right will enjoy such high levels of trust that their customers will look to them as guides for the digital future. By following the principles mentioned previously, organisations can safely navigate the digital disruption in their environment and improve their competitiveness.