Farshid Kapadia, Head of Enterprise Security & Risk Management, Europe, TCSThe world economy today is in the midst of a tectonic shift from the internet economy to the digital economy. As organisations digitise their operations to transform their businesses, and digital technology increasingly penetrates daily life, enormous potential is unleashed for business growth and value creation.
At the same time, new innovations and disruptions require new demands for improved security, availability and responsiveness. Hyper-connectivity is changing the world!
The increasing digital interconnection between businesses, people and things places society at the heart of the data revolution. The convergence of web, cloud, social, mobile and Internet of Things platforms fosters a new model of data sharing. As these technologies expand in use so do the risks, making cyber risk management imperative to organisations today.
Businesses need to manage enterprise security across an array of business processes, applications and infrastructure, while remaining ‘open’ and ‘hyper-connected’ at the same time. The initial organisational responses to cyber-attacks led businesses to adopt a fortress mentality to protect themselves. Yet in many cases, they have failed to adequately secure data and processes and fend off cyber attacks.
The rise of ‘digital’ is exposing companies and consumers alike to increasing cyber security threats. Companies and individuals as well as their information systems/infrastructure are at an increasing risk of attack including theft/misuse of intellectual property, data theft and breach of privacy.
In the current digital environment:
- It is estimated that all organisations are under attack by hacktivists, organised crime, nation states or terrorists. These groups attack organisations for different reasons but all lead to business disruption.
- Many cyber-attacks are not detected by the organisations’ existing security measures and often external agencies make them aware of their exposure and breaches.
- Cyber-attacks are not detected quickly enough and sometimes take weeks or even months before the organisations become aware and react to the threats. Often it is too little and too late.
- A lack of in-house expertise prevents organisations from understanding cyber security, detecting cyber threats and ceasing data breaches from occuring.
- Around half of organisations that have a data breach cannot identify the root cause, leaving them open to repeated exploitation.
- Organisations struggle or are unable to quantify and predict the loss costs of a successful cyber-attack. This inability to quantify the cost makes it difficult to ask for increased funding to improve cyber-security.
- Awareness of potential security gaps is poor in many organisations, leading to accidental loss of data and unexpected security breaches.
- Rapidly changing technologies outpace the security controls of organisations, leaving them exposed, sometimes dangerously, to cyber-attacks.