Subscribe

More companies take on cyber aggression

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 25 Feb 2015
The rise of the Internet of things expands attackers' playing fields, says Gartner.
The rise of the Internet of things expands attackers' playing fields, says Gartner.

Although the frequency of large-scale cyber security attacks is low, by 2018, 40% of large organisations will have formal plans to address aggressive cyber security business disruption attacks, up from nothing this year, says Gartner.

It notes business disruption attacks require new priority from chief information security officers (CISOs) and business continuity management (BCM) leaders, since aggressive attacks can cause prolonged disruption to internal and external business operations.

"Gartner defines aggressive business disruption attacks as targeted attacks that reach deeply into internal digital business operations with the express purpose of widespread business damage," says Paul Proctor, VP and distinguished analyst at Gartner.

"Servers may be taken down completely, data may be wiped, and digital intellectual property may be released on the Internet by attackers. Victim organisations could be hounded by media inquiries for response and status, and government reaction and statements may increase the visibility and chaos of the attack.

"Employees may not be able to fully function normally in the workplace for months. These attacks may expose embarrassing internal data via social media channels ? and could have a longer media cycle than a breach of credit card or personal data," says Proctor.

New approach

To combat these types of attacks, CISOs must pivot approaches from blocking and detecting attacks, to detecting and responding to attacks, notes Gartner.

"Entirely avoiding a compromise in a large complex organisation is just not possible, so a new emphasis toward detect and respond approaches has been building for several years, as attack patterns and overwhelming evidence support that a compromise will occur," says Proctor.

"Preventive controls, such as firewalls, anti-virus and vulnerability management, should not be the only focus of a mature security programme. Balancing investment in detection and response capabilities acknowledges this new reality."

More to attack

Gartner explains the rise of ubiquitously connected devices and the Internet of things (IOT) has expanded the attack surface, and commands increased attention, larger budgets and deeper scrutiny by management.

ITWeb Security Summit 2015

The tailored tracks at the ITWeb Security Summit 2015 cover a wide range of topics, empowering information security professionals to select sessions of particular relevance to their roles within the enterprise. ITWeb Security Summit 2015 takes place from 26 to 28 May, at Vodacom World, Midrand. Book today!

It says digital business should not be restricted by these revelations, but companies need to place emphasis on addressing technology dependencies and the impact of technology failure on business process and outcomes. "Information owners should be made explicitly accountable for protecting their information resources, ensuring they will give due consideration to risks when they commission or develop new digital business solutions," says Gartner.

The expectation that digital business will be a successful consumer business model relies on IOT devices being always available, and any interruption in a transaction can negatively affect customer allegiance and revenue streams, it says.

Because of this, the standard of due care for security programme maturity will increase, with risk, security and BCM leaders getting more pressure and more support from executive boards than ever before, says Gartner.

"CISOs and chief risk officers can and should persuade executives to shift their thinking from traditional approaches toward risk, security and business continuity management. Security is not a technical problem, handled by technical people, buried somewhere in the IT department," says Proctor. "Organisations need to start solving tomorrow's problems now."

Share