There’s a radical shift happening right beneath the ground we stand on: the hardware-defined world as we know it has migrated to software platforms and beyond, redefining how IT drives healthcare, connected living, economic globalisation and the rise of smart cities. With every benefit comes an equal and opposite risk, and that risk is cyber exposure.
India, with approximately 391 million users per a recent report by BCG-TiE, has already become the second-highest country in terms of mobile users, and this is expected to grow exponentially to 650 million by 2020. In 2016, over 260 billion apps were downloaded over the internet across approximately 7.5 billion mobile devices communicating in an interdependent web with cloud-based platforms and services. This is referred to as the Internet’s “Third Platform”, and this is where innovating your information security strategy is imperative. While cloud, mobile and the Internet of Things (IoT) present undeniable efficiencies and opportunities in the business world, the reality is that they also add a great deal of cyber security complexity and potential exposure.
Many organisations are realising that the increased efficiency gained from new technologies is paramount to remaining competitive in today’s Third Platform, as these technologies are foundational to many critical business and operational innovations. The number of devices, identities, and cross-functional systems across hybrid cloud, on-premise, public/private infrastructures, mobile platforms and shared business IT services is skyrocketing. To date, there are over 22 billion connected IoT devices on the World Wide Web, with a projected growth to over 50 billion by 2020.
The explosion in the number of devices, identities, and shared systems isn’t just transforming business; it is changing critical cyber security requirements, driven by the sheer scale, speed and complexity with which organisations, both public and private, are migrating legacy systems to the Third Platform. While modern organisations are capitalising on cloud, mobile and IoT, they are also expanding their attack surface, and with it new “hacker hot spots” are left in the wake of IT expansion, leaving fertile ground for nation state hackers and cyber criminals to exploit.
The rapid transformation to the Third Platform, coupled with new attack techniques and tactics, is driving a call to action for strategies to be put in place to manage attacks based on business context and operational risk, or “business driven security”.
Traditional security strategy has typically been an afterthought, focused almost exclusively on protecting technology and systems that have already been put in place within legacy on-premise infrastructure. Business initiatives were, and in many instances still are, developed without considering the cyber risk exposure associated with them. In fact, many organisations have not even gone through the exercise of determining what their cyber risks are.
How prepared are organisations to integrate and cope with the influx of business-enabled, internet-enabled devices? Many of these devices and sensors send continuous streams of unstructured information about business and operational activities across the internet, where that information is harvested for insights. This is the promise of “connected and enhanced living”, and business driven security will be a force enabler in managing Third Platform risks of intrusion, data disruption and destruction.
The goal of a modern organisation’s security strategy is to create aligned synergies between the security strategy, the IT environment, and business and operational priorities. As such, modern organisations are moving rapidly towards a business driven security strategy developed in collaboration with the broader IT team and with operational and business leaders. This prioritises security efforts by connecting security risk to business and operational risks. If you’re already in the Third Platform or on your way there, take a step back and ask yourself if you know where your operational risks are compared to your business risks. It’s never too late to start a business driven security approach.
The writer, Peter Tran, is general manager and senior director of RSA Security’s Worldwide Advanced Cyber Defence Practice.