The threat landscape is changing drastically. The world is witnessing a slew of cyber-attacks and frauds across industries. Cyber-crime is perhaps the most dangerous weapon of mass destruction today. According to cyber-security company McAfee, the cost of cyber-crime was $600 billion in the past year. The top management of companies is struggling to keep security expenses in line with cyber-security needs, which have to be prioritized alongside the business. Information security is about technology, people and process. But with technology changing so quickly, it is becoming difficult to cope with the cost of evolving so dynamically and rapidly. The entire landscape is changing in a way that has never happened before.
“What we purchase today becomes obsolete tomorrow or becomes redundant because new threats are coming and new patterns are emerging. That is a very big bottleneck as far as information security expenses are concerned,” says Debojit Maitra, Head Information Security at Aditya Birla Retail Limited.
It is a cat-and-mouse game. At the same time, businesses expect that infosec initiatives taken to fend off attacks are not counterproductive and do not adversely affect agility. Many industry experts aver that from this point onwards, things are only going to get worse. A chief information security officer's (CISO) job is only going to get tougher as a lot of new-age challenges emerge on the cyber-security front. So, how does a CISO negotiate the fast pace of technological redundancy? Every day, the framework is changing.
“Vendors come with piecemeal solutions. My solution is that we should have a software-driven network (SDN). Earlier, the switches could be used as passive. But now my active device can be my SDN, so that I can inject time-to-time updates rather than changing down-the-line devices. If this kind of software-driven infosecurity or threat management is put on the devices on top of everything, it can take care of threat management, intelligence, anticipation, mitigation, analysis, etc.,” adds Maitra.
Such a solution could prevent outright redundancy for enterprises, and there would be no need for them to change devices every year. This would keep the depreciation of CAPEX value at zero for organizations, over a period that should in any case be at least 3 to 5 years. Moreover, there is a new headache for CISOs now with the coming of the General Data Protection Regulation (GDPR). With the arrival of such privacy concerns and the way people handle data, there will have to be drastic changes in the way professionals look at cyber security. Currently, they are just playing catch-up with the law, as it can result in hefty penalties. There are internal threats too.
“The products in the market are not up to the mark in the sense of dynamism. Though I have a product for 10,000 clients in our system today, I know things will change tomorrow. I will be asked to adopt a different protection. This happened in the past also. Earlier, the threat was signature-based, now it has become signature-less. One day it is ransomware, it is something else the other day. The management cannot keep on spending without jeopardizing the business model. This year my budget is Rs. 9 crore. But my anticipation is that the way in which threats are emerging even this will not be enough,” adds Maitra.
The situation is becoming increasingly difficult not only for CISOs but also for enterprises that want to protect their business digitally. Cyber security is crucial today, and organizations will have to find a way to survive in the fast-changing landscape. CISOs too will have to lead the way in being proactive on security and be the bedrock for their organizations to successfully fend off threats and challenges.