Technology is often the conduit through which advantage is delivered. If you can’t deliver this securely, any competitive advantage evaporates. This is why thinking of IT security in isolation can be a limiting activity. It’s sometimes better to think in terms of defending the business, from technology all the way up to process and people.
Organisations, when they’re operating best, seek out the fastest and most cost effective way of harnessing these competitive advantages.
Security is a top concern
IT operations need to deliver both financial and operational flexibility to support. This means allowing your business to apply new technologies with minimal capital investment, and increase expertise and levels of defence, reporting and board visibility of these with small or no increases to cost.
With sophisticated new attacks propagating at an accelerated rate, security is a top concern. This is evidenced by the growing number of C- level security executives, and by the intensive efforts of IT organisations to identify and address the gaps in their enterprise defences.
The number of companies reporting cyber security issues to US regulators has more than doubled since 2013 to 1,174, according to official data. Commercial bankers and oil and gas producers were among those most worried about attacks. Many attacks, however, go unreported. More still go undetected.
No such thing as perfect prevention
In a world where IT systems cannot practically be locked-down, organisations must accept that there is no such thing as perfect prevention, and that breaches will occur. Rather than trying to prevent every single breach – something likely to hinder the organisation’s ability to do business – companies should instead strive to manage cyber threats as an ongoing business risk. And countering determined, well-resourced and innovative attackers calls for an imaginative, well-resourced response.
Timing and context is everything. The faster you identify a problem, and the faster and deeper you understand it, and its relevance to your business, the more effectively you can respond to it. We call it squeezing the threat response curve.