Security In A World Of Instant-On Computing

This article is more than 10 years old.

Guest post written by Jan Zadak

Jan Zadak is executive vice president of Global Sales & Enterprise Marketing at Hewlett-Packard.

There is no question that technology is a key underpinning for the way we live and work. Every day, our digital worlds become exponentially larger. We are demanding instant access from anywhere and any device. In this instant-on world, the lines between our personal and professional lives are blurring - we require a seamless experience at home, at work, at play and on the road. But this seamless experience is making the security of mission- and business-critical data a complex issue for business and IT decision makers.

The potential financial and business impact of cyber crime has put security at the top of the modern CIO’s agenda. Cyber crime generally refers to criminal activity conducted via the Internet. The attacks can include stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country’s critical national infrastructure.

According to a recent survey conducted by the Ponemon Institute, the cost of cyber crime is increasing at an alarming pace, as attacks have become increasingly complex and costly to resolve. The second annual benchmark survey shows that:

  • Cyber crimes can do serious harm to an organization’s bottom line. The median cost of cyber crime is now $5.9 million per year, a 56 percent increase from the median cost in last year’s study.
  • The frequency of attacks is increasing. During a four-week period, organizations surveyed experienced an average of 72 successful attacks per week, an increase of nearly 45 percent from last year.
  • The attacks are getting more complex. The average time to resolve a cyber attack is 18 days, with an average cost of nearly $416,000. This is an increase of approximately 70 percent from the estimated cost of $250,000 during a 14-day resolution period in last year’s study.

The open and seamless nature of today’s digital world makes it virtually impossible to eradicate all security risks. Employees will continue to use corporate IT assets to connect with friends, shop online and pay bills. They will also increasingly demand to do work from their home networks and on their personal devices. This convergence leaves an organization’s infrastructure open for attack on a variety of fronts.

A study from Coleman Parkes, commissioned by HP, found that while executives are aware of potential security threats, they lack confidence in their organizations’ risk management practices. Specifically, only 29 percent of business and 27 percent of technology leaders indicated that their organizations were very well defended against security threats.

One of the keys to controlling the business impact of security breaches is to manage risk. This means identifying what matters most in terms of business and government value, then applying security investments commensurate with the risk values and tolerance. Core business processes, and those that enable competitive differentiation, rise to the top of the list. Once a company understands the risk at the business process (or service) level, it can align its business and IT risk priorities and reduce total risk exposure.

The increasingly sophisticated and pervasive nature of security threats is also forcing organizations to look at their security solutions in a different way. Throughout the years, most organizations have taken a reactive approach to the evolving set of security and compliance issues. In many cases, this strategy has led to a complex patchwork of point solutions that are hard to manage and don’t allow the flexibility needed to quickly and proactively address future risks.

It’s time to reexamine how security is handled within the enterprise. The inherent business and financial risks associated with the ubiquity of technology require a comprehensive approach that spans platforms, networks, applications and devices, and one that brings together disparate processes and technologies. The goal is to enable the enterprise to make smart, relevant risk-based enterprise decisions.

To mitigate the business and financial impact of security breaches, companies must do the following:

  • Assess the enterprise risk tolerance profile, compliance requirements, operational requirements, organizational capabilities and resources;
  • Transform the organization’s ability to move from managing security in silos to establishing a unified approach;
  • Manage the associated security transformation programs required to deliver security in the most effective way for the enterprise, adopting best-of-breed security technologies and flexible sourcing models;
  • Optimize, by continually monitoring the environment to proactively recommend operational and process improvements and initiatives to deliver an enhanced security and risk posture.