Traditional security tools no longer protect the business, and as IT systems evolve, they bring forth more weak points that entice cyber-criminals.
In business and IT, all roads now lead to cyber-security. Not only are attacks becoming more common and widespread, they're increasingly destructive and costly. Moreover, with attack surfaces expanding due to the Internet of things and connected systems and devices, the situation isn't likely to improve anytime soon.
Two new reports highlight the changing cyber-security landscape—and the growing extent of the dangers. The 2016 Neustar DDOS Attack & Protection Report found that 73 percent of organizations have been attacked. Among those that have endured an assault, 82 percent were attacked repeatedly, 57 percent suffered theft and 45 percent were infected with malware. In addition, 50 percent of the organizations estimated the cost of a DDoS-related outage to exceed $100,000 while 33 percent estimated this cost at $250,000 or more.
Interestingly, Netwrix Corporation, a provider of IT auditing software, points out that many breach risks are a result of changes to IT systems and access—and resulting weak points. For instance, 63 percent of organizations have deployed IoT devices, but only 34 percent have security measures in place. The firm's 2016 IT Risks Report found that only 17 percent of organizations are confident about their ability to defeat cyber-risks and nearly six-in-ten respondents (58 percent) claim that the IT change controls are adequate to their business specifics and organization.
Meanwhile, 53 percent of the respondents said their organization has experienced system downtime as a result of an attack or breach.
"The survey discovered an inconsistency between the initial assessment of maturity and the adequacy of IT change controls deployed by organizations and their actual ability to deal with cyber risks," said Michael Fimin, CEO and co-founder of Netwrix.
By now, it should be entirely clear that there are no simple answers and there is no silver bullet for cyber-security. CIOs, CSOs, CISOs and other enterprise leaders must begin to think about the topic within a more comprehensive framework. Traditional tools and technologies alone are no longer adequate. They're simply part of an essential multi-layered strategy.
Today, there's a need for more sophisticated governance and compliance solutions, IT auditing tools, next-generation security analytics—as well as smarter network designs, such as air-gapped networks that better protect mission critical systems and data. Yet, more than anything else, there's a need for a strategy that extends beyond technology and ultimately spans business units, departments, processes, applications, technologies and people.