As cyber risk focus expands from on-premise to ecosystems, the focus will be on eliminating the weak(est) parts of the value chain
As cyber security specialists are fond of pointing out, questions such as “who touches your equipment?” or “how does information move through your networks, and how do you protect it?” are bound to always result in surprises. This in itself should not be too surprising, given that typical information systems are now so complex that it takes on average 200 days for a typical company to even detect that they have been breached in the first place.1
With the adoption of cloud, remote working, and globally distributed partners set to continue accelerating, enterprises are faced with a dilemma.
On the one hand, tracking all the ways in which an enterprise’s data moves, and might create vulnerability, has never been more important. Part of the solution will be zero-trust architectures where access must always be verified and networks can be segmented to expose only what’s relevant.
On the other hand, it is quickly becoming far too complex for any one actor to understand or control. Looking ahead, the solution can increasingly be found in partnerships and the formation of trusted ecosystems. The defining characteristic of these systems will be that, while no single actor has full control, the actors collectively will trust each other with the responsibility of ensuring that all the links in the chain hold up, from on-site, to cloud, to end user and the connectivity in between. This will build a divide-and-conquer approach where security, trust (and third-party vetted credentials) will be the foremost currency.
1 See “Internet Insecurity”, A. Bochman, Harvard Business Review, May 2018
3 Tips to be ready
1. Forget quick fixes and magic bullets
Tomorrow’s future-proof enterprises will need to accept that there is no perfect protection against cyber threats, nor any quick fixes or magic bullets. The idea of buying “boxes”, “products” or “ultimate solutions” from vendors that promise to fix all cybersecurity issues is an illusion. To stay on top of cybersecurity, enterprises will need to constantly juggle a range of different measures, accept that cybersecurity is a mindset and a culture, and learn to evaluate and live with a chosen level of risk.
2. Get the board onboard
Tomorrow’s future-proof enterprises will have board members and a C-suite that perceive cyber security as part of the overall risk strategy, and therefore a natural part of their responsibility. Everyone in the room, not just the CIO or CISO, needs to be comfortable and have a basic literacy when it comes to assessing cyber risk. Is the current level of risk acceptable and in line with what the partners, insurers and the market expect?
3. Make building the right network of partners a key priority
Tomorrow’s future-proof enterprises understand that when it comes to cyber security, partners are both a necessity and a potential source of risk. A necessity because data flows in ecosystems beyond any single enterprise’s control. A risk because one careless partner is all it takes for the defense to be breached. As such, enterprises will make sure to choose partners wisely, relying on rigorous due diligence, outside expertise, and standardized third-party ratings to ensure that potential partners always match or exceed the chosen level of security ambition.
This article is part of our report: 12 predictions for Tomorrow's Connected Enterprise.