You don’t have to look far nowadays to find a company that’s suffered a data breach. Many of the world’s biggest and most prominent organizations have fallen victim – Yahoo, Uber, eBay, WhatsApp… the list goes on.
It would be easy to assume these companies had let cybersecurity slide, but I’d be willing to bet that most of them have had firewalls and anti-virus software in place for decades. Indeed, companies are spending more on cybersecurity than they ever have. Some sources suggest the market for cybersecurity solutions could be worth as much as $300 billion by 2024. So why are data breaches only becoming more frequent and more costly? It’s not that companies aren’t investing enough, it’s that their investments don’t seem to be working.
Companies continue to suffer breaches and attacks because modern security management requires more than technology. Don’t get me wrong – technology is an important tool in the process, but it should only be one part of a much broader and more strategic approach.
In order to succeed, security needs to be part of a company’s digital transformation from the outset. It needs to be built into IT solutions themselves, rather than appearing as an afterthought that’s addressed with the latest cybertech solution.
There are several reasons why a more holistic approach to security is more effective, and the first is a technical one: it’s difficult to rely on a single technology to protect a digital landscape that’s changing every day. As an increasing proportion of business operations migrate online, the surface area for attacks is expanding and becoming more complex. Customers are signing in to SaaS portals and purchasing products on e-stores.
Meanwhile, employees are sharing more information through online collaboration tools, and working remotely using BYOD and VPN connections.
A company’s digital footprint is constantly shifting and evolving. The cybersecurity technology installed today won’t necessarily be fit-for-purpose in the next couple of years, or even the next couple of months. Rather than placing faith in technology that might soon become redundant, it makes more sense to embed security within the systems and applications themselves.
For example, safeguarding applications could be as simple as defining the right secure-by-design patterns for modern DevOps. If the cloud provider is security-conscious, the cloud environment will already have the latest security features and up-to-date compliance with security standards. Such environments are also constantly informed by broad and expansive threat intelligence, which can be brought to bear automatically through AI and automated response capabilities, proactively responding to the current threat landscape.
The second reason why cybersecurity requires a broader approach is that it’s no longer just an IT issue, but a business issue in its own right. A company’s digital reputation is a huge contributor to its revenue and profit, and data breaches have a massive impact on a company’s bottom line.
According to IBM’s 2019 Cost of Data Breach report, data breaches cost companies just under $4 million apiece. On the other hand, over-sensitivity to security can also have costly implications. For example, research from MIT’s Center for Information Systems Research found that sensitivity to data-related risks keeps senior executives and board members from optimizing financial returns from business analytics and big data.
Security has the potential to make or break companies, so the C-Suite needs to understand the topic, and factor it into its decision making. Indeed, the same is true for every project, at any level – security has to become part of a company’s culture. This calls for new skillsets such as cloud security, the secure development lifecycle, and the integration of threat intelligence into protection platforms.
Companies have certainly learned from the data breaches that have dominated the news agenda over the last few years. As an IT professional, it is heartening to see just how seriously the business world is taking cybersecurity. The challenge, however, is that many are going about it the wrong way. Cybersecurity can’t be bought with technology alone, as convenient as that would be.
The digital landscape is a complex, continuously evolving entity, and securing it involves an approach that is considered, holistic, and highly strategic.