Cybercrime has become a major threat to business, and it’s something that businesses everywhere are becoming painfully aware of.
For 27 economies around the world, cyberattack ranks among the five biggest threats. In eight countries, it‘s number one on the list of dangers for doing business, including the US, Japan, Germany, Switzerland and Singapore. That’s according to the World Economic Forum’s 2016 Global Risks Report.
This cybercrime risk continues to increase as technology advances and more and more business processes become digitized and extended to mobile devices, networked sensors and web services. It opens up new information-security vulnerabilities, which hackers – increasingly sophisticated and brazen – are ready to exploit. For those managing companies in this environment, gaining a better understanding of IT security is a must.
The first thing to know is that this new world order demands a different approach to information security. Traditional security systems, limited to guarding internal networks with perimeter-centric protection technology, inevitably fall short. To defend themselves, organizations must look at next-generation tools that provide real-time, proactive and continuous protection and response. This shift in mindset will be critical: for us as individuals, as members of a connected society, and as part of enterprises or public sector organizations.
Is your computer safe?
It’s difficult to really know if any machine is safe. The problem is that legacy IT security tools were developed when the rules of computing were different. They don’t address today’s always-on, distributed and hyperconnected reality.
But there is a new crop of cloud-based products that can instantly spot compromises and detect, monitor and respond to threats in real time. This lets organizations take a proactive approach to protecting every device, whether it’s located on-site or outside the firewall. To be effective, these new tools must be able to acquire knowledge of their context and, unlike traditional best-of-breed security point solutions, they must be able to communicate with one another.
Is your company vulnerable?
Accurately identifying their IT assets remains the biggest challenge within many organizations, large or small. Most companies rely on static, outdated and often inaccurate asset inventory lists.
To effectively protect IT assets, the first step is discovering and cataloguing them, and becoming aware of any changes in those assets in real time. Then vulnerabilities can be identified, prioritized and remedied. This continuous process is essential for ensuring protection of an organization’s IT assets and brand.
In fact, according to the 2015 Verizon Data Breach Report, 99.9% of the exploited vulnerabilities were compromised more than a year after their corresponding CVE (common vulnerabilities and exposure) entry was published. In other words, most data breaches exploit known vulnerabilities, meaning these incidents should be preventable.
What else is at risk?
As part of this conversation, it is important to look at how your company approaches IT today. Is it seen as a cost of doing business? Or is it perceived as the driver of your business and a key element of transformation that ensures competitiveness and strong customer and partner relationships?
I see a parallel here with England during the Industrial Revolution, when companies were able to produce goods more efficiently at scale. England had the largest and strongest navy in the world securing their seafaring lines. This allowed their companies to conduct business securely across the globe and to re-invest part of their profits in innovation. Security was the catalyst.
Today’s IT assets and infrastructure are the life-blood of many organizations. However, if they’re not secure, it’s not possible to ensure business and brand sustainability, and ultimately remain competitive. In other words, this new industrial revolution faces a growing threat from hackers acting just like the pirates of the high seas. And at a macro level, if we lack this ability for businesses and their customers to connect with each other in a secure and trusted way, the global economy will inevitably slow down.
How do we outwit data thieves?
Today’s economy is based first on moving information, rather than moving product. Information guides how decisions are made, which then influence how companies allocate their resources and prioritize. If that information flow can’t be secured and becomes vulnerable to compromise, the business is impaired. Ensuring that the information flow within an organization is not hindered at any time has therefore become a key strategic necessity.
Data thieves are always on the prowl, constantly looking for ways to break into internal systems and external devices. There has been an increase in “ransomware” attacks, in which cyber criminals demand payment for decrypting the files they hijack.
Cybercriminals also threaten to cripple networks via “distributed denial of service”, or DDoS attacks, and can steal sensitive, confidential data about individuals and organizations to be used in identity theft, financial fraud and intellectual property piracy. The growing “internet of things” will exacerbate this situation by offering hackers a larger threat landscape while making it harder to secure an exponentially growing number of interconnected devices and systems.
Attacks on existing IT infrastructure will continue, particularly in manufacturing and utility networks, which offer rich pickings for hackers looking for data or to simply cause mayhem.
In an ideal world, companies would update these systems to keep them secure, but this can be costly, especially if it involves replacing hardware. These implementations will have to be protected and monitored on a continuous basis, and these companies must speed up the process of finding and fixing security vulnerabilities and misconfigurations within their infrastructure.
What does the future hold?
As we look forwards, it may help to recall Charles Darwin’s theory of evolution by natural selection, because companies that adapt to this new business environment will be the ones to succeed. The others will gradually disappear.
This involves embedding the concept of security centrally and organically into how the company operates, rather than seeing it as a separate activity. It will require businesses to engage more closely with their IT teams. In fact, IT and security teams will have to fuse into a single organization, one that is built into the fabric of the cloud.
A company that is “secure by design” is one that can lay stronger foundations to handle cybersecurity issues. It’s the best way to protect your business and your brand.
Author: Philippe Courtot
Chairman and CEO, Qualys
Artcile originally appeared on the World Economic Forum bkog