Whether or not the internet is your business, your business is on the net.
Computer networks facilitate logistics, financial transactions, global staff productivity and the storage of data. The increasingly rapid pace of integration between the digital and physical world is providing organisations with a new environment full of opportunities to learn, collaborate and be more efficient. In the near future, almost all devices – and people – will be digitally interconnected.
Today this can be seen through the wide adoption of cloud computing, virtualisation, mobility, smart metering and the growing interest by organisations in implementing bring your own device (BYOD) programmes.
However, not all digital opportunities will necessarily succeed. Cyber criminals, hackers and rogue hostile states seek to take advantage of moments of instability and holes in security measures created when new digital trends emerge. As the interdependence between the physical and cyber worlds grows ever closer, it is imperative that organisations implement balanced cyber security measures – those that reap the rewards and maximise the advantages of new digital models, while keeping the negatives under control.
Getting strategic – finding the guiding light
The digitalisation of business is imperative for success, but worryingly, most organisations have no cyber strategy in place. Due to a lack of understanding surrounding the dangers they're exposing themselves to, most organisations currently lack a strategic understanding of how to mitigate their exposure to threats while also harnessing the opportunities that embracing the cyber world can bring.
To fully operationalise and benefit from a balanced cyber strategy, two integrated plans need to be developed: the enablement plan and the security plan. Businesses need to take advantage of strategic guidance, display commitment and implement control, with a clear framework of objectives and drivers for these plans to succeed. The strategy should be based on the view that cyber functions are a core capability of the business.
The first step on the journey to achieving a balanced cyber strategy is to develop a plan for digital enablement, exploring what opportunities and benefits exist for an organisation through the adoption of new technologies. This is possible through a combination of research and insight into what digital opportunities currently exist and can be implemented, and foresight into what digital opportunities will be developed in the near future.
Digital opportunities to be explored include: technologies enabling easier information flow; efficiency gains achieved through scalability, virtualisation and cloud migration; innovations in communication and collaboration; and maximising social capital through crowd-sourcing and customer engagement for research and development, product development and marketing purposes.
Secondly, a security plan needs to be developed to mitigate cyber risks resulting from digital enablement. Resilience should be incorporated as part of the plan, through situational awareness, effective and efficient security management and operations, and the installation and upkeep of dynamic security and deterrence.
The era of siloed security across the organisation is over. New approaches to security should incorporate proactive strategies seeking to process early signs of danger, build scenarios, enable live testing, observe behaviour trends and be constantly updated with hackers' latest thinking, tools and methods. A fully holistic, 360 degree 24/7 view over an organisation's entire system of networks, inventories, processes and events is required to enable centralised management, standardisation and rapid security decision-making across a business.
A final keystone to this strategy is the ability to be agile. As digital opportunities evolve, so too should security. Building concrete barriers and using static hardware-dependent technologies only serves to fight change and innovation, with the result being that hackers evolve beyond a business's capabilities to defend.
Successful security is based on being better than the average, and making systems too difficult to infiltrate to be worth the time hackers would need to compromise security efforts. Best practice is for an organisation to benchmark itself against its competitors and continuously develop not only defensive capabilities but also offensive readiness.
Don't get caught out by the digital revolution
The internet has been and will continue to be a great source and facilitator of innovation. For companies to compete at a level above their peers, they need to seek the right cyber opportunities.
However, harnessing these opportunities can leave your company exposed to additional risk as business continuity becomes more reliant on network reliability; data is shared and in transit with partners; and digital interactions and collaboration become more vital elements of the customer experience. While using the internet is not a choice, an organisation simply exposing itself to these risks is purely irresponsible.
Striking a balance between risk and reward is essential. What this balance consists of is entirely subjective to the organisation involved, and dependent on the amount of risk it is willing to take in order to accomplish a specific investment return. However, business leaders need to be wary of the dangers of being blinded by technological innovation, which can potentially dilute strategies and ultimately cause detriment to business enablement and security planning.
Jarno Limnéll is director of cyber security at Stonesoft