The cost of cyber security breaches for British businesses totals billions of pounds. This cost has tripled over the past year, as attacks on customer data and, increasingly, intellectual property, appear unstoppable. According to a recent report by the Department for Business, Innovation and Skills, eighty-seven per cent of small businesses and ninety-three per cent of large organisations experienced at least one security breach in the past year.
Balancing security priorities, with business flexibility and agility, is a tough challenge. But it’s a challenge every executive management team faces as it strives to drive business growth, achieve competitive advantage and maximise operational efficiency.
Security breaches mean lost IP, compromised customer information and confidence, and valuation impact. Among those responsible for setting security strategy and operating policies, the temptation is strong is to do whatever it takes to reduce risk. But if you simply restrict the business, you hamper innovation and productivity.
As business environments change, security infrastructure must change to be an enabler for business success. Whether you’re operating under increased risk from advanced targeted attacks, or transitioning to the cloud or mobile devices for the productivity, agility and efficiency these technologies provide, the end result is the same: You need to adapt your security infrastructure in lock-step. You can’t afford to leave gaps in protection that today’s sophisticated attackers exploit. At the same time, you can’t keep adding complexity with disparate security solutions that don’t work together.
Adapting to changing business conditions
So what can you do as a cyber security professional, to enable the enterprise with the flexibility and protection it needs to move forward with minimal risk? You need a security approach that fits and adapts to your changing business environment. Here are a few questions to ask vendors when determining if a solution will offer you choice, flexibility and effective protection for the future:
- Can I access security solutions in a way that meets my business objectives?
Even if you don’t need all the options beginning day one, the solutions should be based on a platform that supports physical, virtual, cloud and managed services offerings. Hardware, software and services form-factors should work together seamlessly and be transparent to the user.
- How do you support integration with other, complementary, solutions and to what extent?
Most approaches to integration let you gather data from various sources at a point in time, and analyse it, but typically can’t correlate and translate that data into actionable intelligence. A tightly integrated enterprise security architecture lets you enforce policies across multiple, diverse, control points, without manual intervention, so that you can contain and stop damage and prevent future attacks.
- What flexibility do you offer to address new attack vectors and threats as they emerge?
Being able to deploy additional security capabilities as needed (for example, next-generation intrusion prevention, application control, next-generation firewall, dynamic file analysis and advanced malware protection), as part of an end-to-end security architecture, delivers the flexibility needed to meet security needs today and into the future. If this functionality is enabled via software upgrades and licensing, versus buying another appliance, then provisioning and management is more efficient and requires fewer resources on your part.
Attracting and retaining top talent
There’s collateral benefit to ensuring your organisation is protected as it evolves: attracting and retaining cyber security professionals. A lot has been written lately about the cyber security workforce crisis. It is widely estimated that in the near future job openings for skilled cyber security workers will top fifty thousand, between the public and private sector. And according to a recent survey by cyber security initiative, SemperSecure, more than half of today’s cyber security professionals put a premium on interesting and challenging work, over salary and benefits.
Being part of a security team that is focused on protecting the latest business models, with technologies that address new attack vectors and sophisticated threats, is attractive to join and hard to leave. Supplementing these technologies with regular training and certifications is a must - on-going professional development not only gives security staff the opportunity to keep their credentials up to date, but also ensures that you are getting the most value from your security investments with a team that knows how to optimise these technologies for maximum security effectiveness.
Selecting an approach to security that offers the flexibility to adapt to your changing business environment, lets you better protect the business while enabling innovation and change. Those technologies can also become an important advantage in recruiting and keeping talent. With the right approach in place, you can foster a security environment that satisfies everyone – from the boardroom to the break room.
By Sean Newman, Security Evangelist, Sourcefire, now part of Cisco