Employees may come to work with a compromised wearable device, or pull their hacked connected vehicle into the company parking lot. This creates a new type of cyber risk for organizations – with significantly increased complexity and exposure. As the Internet of Things increases the cyber “attack surface,” companies must broaden defenses to include the plethora of embedded devices that now make up their ecosystem.
A new cyber security report from Booz Allen Hamilton suggests more companies are exploring an “active defense” approach to cyber security, while preparing for an entirely new set of threats to medical data, connected vehicles, mobile payments, and Internet of Things as well as emerging technologies like “wearables.”
Among the emerging trends in cyber security –
“Proactive defense” becomes best practice – Recent corporate victims of cyber attacks have one thing in common: they all thought they were prepared. Tired of being a step behind, companies will gravitate to a more active, anticipatory approach to preparedness and defense, one that looks over the horizon at emerging criminal patterns and active threat actors. We will see more organizations take an “intel to operations” model that enables companies to use real-time intelligence and threat assessment data to shape decision making, fine tune defenses and pre-empt emerging threats. “It’s a shift similar to what took place in natural disaster response, where use of predictive weather data enables communities to take preventive measures before the storm hits,” added Stewart.
“Incident response” hype meets reality – The cyber market is crowded with companies that market an “incident response” capability in the event of a data breach. Yet is there enough experienced cyber talent to staff up all of these companies? Do these offerings include the right balance of multidisciplinary expertise necessary to be successful (e.g., Crisis Communications, Legal, Policy, Business and Technical)? Expect CISOs and other corporate leaders to take a more discerning look at the latest incident response offers; the people behind them, and their step-by-step methodology. Their goal should be to position their firms to successfully navigate an incident and prevent negative repercussions.
Preparedness moves beyond dollars, compliance – Companies are devoting significant resources to building up their cyber defenses – and often quantifying those steps in dollars spent and compliance achieved. Yet as data breaches multiply and their reach broadens, scrutiny of preparedness will shift away from the “how much” to the “how” and “who.” How many people are engaged? What are their backgrounds? What software tools are being used? Cyber security will continue to evolve from a compliance issue to a strategic, business-critical priority. This will trigger a greater interest in “what’s under the hood.”
Embedded Security is now an undeniable requirement – It is a new necessity that presents a competitive opportunity. As Internet connectivity touches everything from light bulbs to vehicles and electric turbines, cyber security and risk management increasingly must be accounted for when designing and producing products. And with end users increasingly concerned about privacy and data security, strong embedded security becomes a market enabler, differentiating a company and its products in a competitive market.
The c-suite rethinks cyber response – To date, the CIO or CISO has taken the reigns (and, too often, the blame) when a cyber crisis hits. Yet as companies understand the inevitable business impact of a cyber event there is movement to a new model. For example: adding a business leader within the c-suite with the explicit role of driving data breach response activities across all facets of the organization. A move a way from the current approach of assigning this job to a technology executive. Fueling interest in a different approach: workforce changes, new, emerging threats, and constantly evolving “best practice” response tactics.
For data, background and forecasts on Cyber Security: Search CardWeb.com’s CardFlash® Library of more than 58,000 archived articles; Access CardWeb.com’s CardData® for current and historical Performance, Portfolios, Profiles, etc. Visit RAM Research® (ramresearch.com) for quarterly and annual forecasts covering more than 150 metrics. [complimentary or deeply discounted access to CardWeb.com subscribers].
Additional database resources include CardWeb.com’s CardExecs® – comings & goings of payments movers & shakers; CardWeb.com’s CardWatch® – ears & eyes on marketing globally (57K items); and CardWeb.com’s CardPixes® – form & function of card design (7K items).