The Best Security is a Good Offense
By: IDG | 02/04/2016
In almost every aspect of our current day-to-day activities, security is a high concern. Whether it’s what to access on the internet, where to save your passwords, or the future of transportation (i.e. self-driving cars), we must always be up to speed on warning signs and happenings. Although 2014 was a busy year for security incidents in enterprise organizations, the number of incidents still managed to increase to more than 9,000 in 2015. Smaller organizations are starting to report a higher number of incidents as well with more than 3,000 security incidents reported last year. These incidents don’t seem to be slowing down anytime soon. Organizations are constantly playing catch-up, but they must create a strong security offense in order to have the best security defense.
What do we mean by security offense? Business leaders are now being proactive and stepping off the sidelines to communicate the importance of security strategy. Based on the 2016 Global State of Information Security Survey, 73% of organizations have senior executives who proactively communicate the importance of information security to their entire organization. In addition to communication, CEOs are putting security leadership into place. For example, when asked what safeguards organizations are putting in place, 54% said they now have CISOs and 49% said they have employed CSOs to be in charge of security programs (with security being a main focus, organizations now have multiple security leadership roles). These individuals are increasingly reporting directly to the CEO, allowing for transparency.
There are multiple technologies and strategies that security executives use today in order to promote a healthy and secure business. Eighty-one percent follow a risk-based framework/support structure or guide, and for good reason. Nearly half of CSOs/CISOs say that adopting frameworks have allowed them to better identify and prioritize security risks, as well as better and more quickly detect security incidents. On a technology standpoint, cybersecurity strategies now incorporate cloud-based services, big data analytics and advanced authentication. Currently, 70% of organizations use cloud-based security services to help ensure data security/privacy, which may come as a shock to some as the security of cloud is still a concern for the majority. Enterprises are also leveraging big data analytics to improve security. By analyzing the flow of their business better, organizations have received advanced warnings of cyber threats and thus prevented incidents.
Even with security measures in place, why do the number of breaches continue to climb? There are many outside threats aimed at reaching sensitive data or causing disruption, and as hackers continue to elevate their approach, if organizations do not stay on their toes they could find their security defense broken. So, another key area to offense is not just about what companies are investing in, but also how they’re investing and who is involved. This 2016 survey shows that it’s a team effort for organizations looking to become more offensive to stay ahead of the game. Two-thirds of organizations are collaborating with others in their industry to improve security, and nearly half (45%) of boards participate in overall security strategy.
With the broader approach to an offensive strategy through communication, collaboration, and enhanced technologies, organizations are making better gains in their security strategies. But this isn’t the last time we’re going to hear about security breaches. Organizations must continue to evolve and defend strategically.
Knowing the threats CISOs and CSOs are facing and what they’re focused on will help security solution providers better address their needs and be better able to communicate the value of their solutions.
Want to learn more? Check out our infographic!