Cyber security threats have changed dramatically in the last few years. Instead of the opportunistic, virus-driven tactics of a decade ago, today's threats are persistent, adaptive and particularly difficult to identify.
Compounding the problem, there have been a significant number of advancements within the ICT industry that have helped add to the challenges. The cloud, for example, has been identified as an area requiring refined focus for security solutions, while virtualisation has been highlighted by the industry for special attention from a security standpoint.
Today, there are security solution vendors which promote their specialised abilities to secure defences from a networking perspective, while others offer end-point protection. Then there are specialist offerings to address application security and control. Security solutions for the desktop and mobile devices have advanced in leaps and bounds.
Moving targets
The security goalposts continue to shift as organisations identify new risks across many key business areas, including people, processes, data and technology. Today, more than ever, companies are relying on specialised security solutions to detect evolving threats to intellectual property, reputation and privacy.
Unfortunately, the solutions selected to perform these critical tasks often adopt a piecemeal or technology driven approach to security, which generally results in only pinpointed targets being protected, leaving others vulnerable.
One of the key reasons this approach fails to provide adequate protection is it overlooks cross-discipline security aspects that significantly broaden the scope of the threat.
In light of the proliferation of the Internet of things (IOT) and the myriad connected devices the technology has spawned, it is increasingly obvious that the disparate, autonomously controlled security systems that companies have acquired over the years - in a bid to fully secure their ever-widening lines of defence - are becoming woefully inadequate.
Hoping for harmony
The problem with traditional defence mechanisms is that all security threats are viewed in isolation and the full spectrum of threats is not always addressed. Users are thus resolving some of the more obvious threats while remaining oblivious to others of equal or even greater magnitude. There does not appear to be much in the way of synchronisation or synergy between the defence mechanisms set up to meet these fast-developing challenges.
Moreover, if users rely on a predominantly application-based threat control, the traditional PC-type devices can be locked down, but if there are any machine-type technologies- or IOT-linked devices in the firing line, there will be little visibility and control over them.
Security threats are viewed in isolation and the full spectrum of threats is not always addressed.
Fortunately, the next wave of innovation in terms of security system developments has appeared on the horizon. The security industry is working on ways to synchronise and harmonise seemingly autonomous defence systems, allowing them to communicate with one another. The key objective is to assist companies to rapidly identify threats and then immediately defend against them at the most appropriate control points.
Importantly, these solutions will employ a 'belts and braces' approach to securing key devices - be it a desktop system or mobile device. If, for example, a security event is triggered on a particular device, all other components on the network will be locked down to mitigate against any vulnerability emanating from this device.
Similarly, should a security 'event' be triggered by the entrance of a threat at the network perimeter, the eventual targets - such as mission-critical operational resources - will be rapidly identified and defences immediately mobilised to defend them.
Today, corporate security needs to focus on linking end-devices, the network, the cloud and all applications flowing on it. As mentioned, there are many solutions that address these areas, but these are seen as independent silos.
Collectively, a security-aware industry must aim to tie together all the complex and dynamic systems that characterise today's networks and have a synchronised approach to - and a holistic view of - the corporate network, in terms of control and security.
Of course, the requirement that security solutions should be holistic is not a new concept, but so many parameters have changed that what might have been considered an effective strategy three to five years ago will, most likely, be ineffective today.
Captains of industry are being called on to facilitate business-driven security blueprints and strategies that can act as effective defences for their entire organisations. To be successful, they need to view security as intrinsic to their business processes, product development and day-to-day operations. Security should be incorporated into the initial designs, not simply added as an afterthought.
By so doing, business managers will be able to face the future secure in the knowledge that, holistically, their companies are ready to take on the latest security challenges by deploying up-to-the-minute technologies, leveraging them to boost defences appropriately without the threat of damaging, costly intrusions.
Share