Threats, risks and dangers related to cyber-security are changing. CIOs must respond with a well-defined strategy and the right mix of processes and tools.
To be sure, cyber-security must take a multilayered approach, and it must focus on defense-in-depth. One of today's challenges is that intruders may gain entry to a network through a vulnerability or breach and worm their way through systems and files over a period of weeks, months or years.
These advanced persistent threats (APTs) use multiple tools, technologies and methods to take intrusions to a deeper and more dangerous level. In some cases, the intruders may never make their presence known. They simply pull information—everything from employee or customer data to intellectual property—to perpetuate attacks that monetize their efforts.
CIOs and other enterprise leaders must ultimately focus on strategies that rely on multiple tools, technologies and methods to address the problem on several fronts. This may include everything from reviewing privileges and reexamining authentication methods to analyzing coding practices and reviewing the way encryption is used for data at rest and in transit. It could also address everything from vendor relationships to coding practices.
For example, as organizations migrate to DevOps, it's possible to use automated code scanning to detect vulnerabilities before software goes live. In addition, emerging cyber-security tools use artificial intelligence (AI), machine learning or deep learning, along with analytics, to detect unusual behavior and patterns. If an employee logs in at an unusual time from an unknown device or IP address, the system may require re-authentication.
However, TCS' Logan also stresses the urgency of employee education and training. Many of today's breaches are caused by inattentive employees, sometimes even those in the C-suite, who click a link and infect a system with malware, including ransomware. In other cases, employees circumvent policies because they interfere with their work, or they turn to shadow IT and rogue applications to complete work easier or faster.
"Ongoing employee education about phishing—and the use of anti-phishing campaigns that send test emails to users and then respond to clicks with just-in-time education—is an effective addition to employee security awareness efforts," Logan says. Likewise, intelligence sharing services can help organizations identify new risks quickly.
In the end, Logan says that a simple mnemonic is useful for security transformation: ARM. This translates to assess, remediate and monitor. Best-practice organizations embed cyber-security into the foundation of day-to-day IT operations. They have robust backup and recovery systems in place to guard against ransomware and other problems. They handle basic blocking and tackling but also examine how more advanced tools, technologies and practices can boost protection.
To be sure, the road to security transformation is long and winding. "A world-class organization must excel at the basics of identity management, vulnerability management, configuration management, incident management, incident response, backup and recovery," Logan explains.
Capgemini's Deally adds: "From a CIO's perspective, it's essential to look at what are you doing from a business perspective and build security protections from there. The most important question—and the one to work backward from in every case—is, 'How can I best mitigate risk?'"