Talk­ing cy­ber se­cu­rity

Gart­ner shares some in­sights into cy­ber se­cu­rity.

HWM (Malaysia) - - DIALOG - by Bryan Chan

In a world filled with in­ter­con­nected de­vices, the na­ture of many busi­nesses are chang­ing, lead­ing them to adopt cloud so­lu­tions, and bring some form of their busi­ness on­line. While tak­ing your busi­ness on­line does have its mer­its, there’s also a risk. We spoke to Paul E. Proc­tor, Vice Pres­i­dent, Dis­tin­guished An­a­lyst at Gart­ner, about th­ese risks.

Per­haps you could give us an over­view of the cur­rent state of af­fairs when it comes to cy­ber se­cu­rity?

The in­dus­try is go­ing through a tran­si­tion, where it’s all about ‘risk-based’ de­ci­sions. We pri­or­i­tize which sys­tems need to be patched first, based on the na­ture of a busi­ness. Tra­di­tion­ally, it used to be ‘check­box think­ing’, where there were step-by-step guide­lines, but this re­sulted in spend­ing money on things that don’t re­ally help in se­cur­ing your busi­ness that much.

What are the chal­lenges you face when try­ing to ed­u­cate your au­di­ence about cy­ber se­cu­rity?

Board of Direc­tors of­ten have a ‘cul­tural dis­con­nect’, where they be­lieve that se­cu­rity threats are a tech­ni­cal prob­lem. They be­lieve cy­ber threats can be pre­vented en­tirely, but that isn’t the case. All you can re­ally do is in­vest more to lower the risk, or spend less and ex­pe­ri­ence a higher risk. There is no per­fect pro­tec­tion.

What can busi­nesses do to de­crease the risk of cy­ber threats?

Hire a se­cu­rity con­sul­tant to come up with a ma­tu­rity scale. Ma­tu­rity scales rate how pre­pared an or­ga­ni­za­tion is to han­dle threats. Glob­ally, on av­er­age, the scale is 2.6 (out of five). The best or­ga­ni­za­tions are about a 3.5 (out of five).

Busi­nesses will also need to adopt a change in the way their se­cu­rity sys­tem works. By 2020, Gart­ner is ad­vis­ing com­pa­nies to in­vest 60 per­cent in de­tec­tion and re­sponse tech­nol­ogy, and 40 per­cent in pre­ven­tion tech­nol­ogy.

Can you ex­plain more about the chal­lenges or risks that busi­nesses face in an on­line world?

For many busi­nesses, mov­ing to the cloud is a fairly safe thing to do. Many peo­ple are wor­ried about hav­ing their data ex­posed to unau­tho­rized users, but the truth is that it’s about ser­vice avail­abil­ity more than se­cu­rity – cloud ser­vices have been known to go down, and the oc­cur­rence of an au­tho­rized breach has been in­cred­i­bly low.

In clos­ing, can you give us some key takeaway points?

When a busi­ness or or­ga­ni­za­tion is breached to­day, it is usu­ally not a tech­ni­cal fail­ure, but a de­ci­sion mak­ing one. There is no such thing as per­fect pro­tec­tion against cy­ber threats, and the only thing you can do is min­i­mize the risk, and in­vest more in de­tec­tion and re­sponse tech­nolo­gies.

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.