Cybersecurity is obviously vital in today's hyper-connected world, but there's a balance to be struck between maintaining organisations' digital defences and allowing them to go about their business without undue hindrance. That said, it's clear that new 'next-generation' approaches are required as organisations become more mobile, more social, more reliant on cloud services and less focused on the Windows platform, and threats become more complex and multi-faceted.
Looking beyond the immediate security threats to businesses and their customers, it's also clear that digital innovation will increase the attack surface for cybercriminals, which in turn will demand forward planning and vigilance from security professionals. A recent survey from Ernst & Young (EY) asked respondents about their familiarity with a range of existing, new and emerging technologies, their capability to address associated security issues, and the importance they placed on the different technologies:
Although there's an expected correlation between familiarity, confidence and importance, it's worth noting that the rankings (40-70 percent) for current technologies such as smartphones and tablets, web applications and social media are arguably not as high as they should be, and that emerging technologies such as big data, 'bring your own' cloud, the internet of things, digital money and cyber havens have very low rankings (<40 percent). This will require attention if cybercriminals are not to be presented with new opportunities for mischief.
Unfortunately, as in many areas of IT, there's a shortage of suitably skilled security professionals. In EY's above-mentioned survey, for example, 50 percent of respondents cite a lack of skilled resources as a barrier to value creation, while 31 percent feel that executive-level awareness and support is lacking.
FireEye's Enrique Salem echoes these findings: "I think there's a lack of security professionals, and this is a big issue globally — the threats have become more complex, so you need more focus and expertise." Salem also believes that the role of chief information security officer (CISO) needs a boost: "They [CISOs] absolutely need more visibility: a lot of regulations are coming out to make it mandatory for public companies that if you have a breach, you have to disclose it, so the audit committees of the board are going to want lots of information about what's happening. The role of the CISO will have to be very visible — not just to internal constituents, but externally as well."
Current working practices and the evolving digital landscape make it impossible for organisations to adopt a fortress mentality. Employees routinely use mobile devices to access social networks and 'bring your own' cloud services, increasingly on non-Windows platforms — all of which makes it easier for cybercriminals to penetrate enterprise and other networks. Next-generation cyberdefences, as outlined here, will help, but developments such as the internet of things will vastly expand the global attack surface. The cybersecurity arms race continues, and the stakes are getting higher.