Talking cyber security
Gartner shares some insights into cyber security.
In a world filled with interconnected devices, the nature of many businesses is changing, leading them to adopt cloud solutions and bring some form of their business online. While taking your business online does have its merits, there’s also a risk. We spoke to Paul E. Proctor, Vice President, Distinguished Analyst at Gartner, about these risks.
Perhaps you could give us an overview of the current state of affairs when it comes to cyber security?
The industry is going through a transition, where it’s all about ‘risk-based’ decisions. We prioritize which systems need to be patched first, based on the nature of a business. Traditionally, it used to be ‘checkbox thinking’, where there were step-by-step guidelines, but this resulted in spending money on things that don’t really help in securing your business that much.
What are the challenges you face when trying to educate your audience about cyber security?
Boards of directors often have a ‘cultural disconnect’, where they believe that security threats are a technical problem. They believe cyber threats can be prevented entirely, but that isn’t the case. All you can really do is invest more to lower the risk, or spend less and experience a higher risk. There is no perfect protection.
What can businesses do to decrease the risk of cyber threats?
Hire a security consultant to come up with a maturity scale. Maturity scales rate how prepared an organization is to handle threats. Globally, on average, the scale is 2.6 (out of five). The best organizations are about a 3.5 (out of five).
Businesses will also need to adopt a change in the way their security system works. By 2020, Gartner is advising companies to invest 60 percent in detection and response technology, and 40 percent in prevention technology.
Can you explain more about the challenges or risks that businesses face in an online world?
For many businesses, moving to the cloud is a fairly safe thing to do. Many people are worried about having their data exposed to unauthorized users, but the truth is that it’s about service availability more than security – cloud services have been known to go down, and the occurrence of an authorized breach has been incredibly low.
In closing, can you give us some key takeaway points?
When a business or organization is breached today, it is usually not a technical failure, but a decision-making one. There is no such thing as perfect protection against cyber threats, and the only thing you can do is minimize the risk, and invest more in detection and response technologies.