How can we protect our IT system from the growing diversity of threats? Figures highlight just how relevant this question is for every professional working in IT security.
Systems, technologies and their uses are changing, so it seems logical that security should follow suit. Whilst everyone now agrees that cybersecurity and compliance obligations must become levers for businesses to perform well, information security transformation is by no means trivial: a long-term plan should be thought out, and changes in the environment should be taken into account efficiently.
The first of these changes is the greater variety of threats and the emergence of new phenomena. In 2016, for example, we observed a threefold increase in the number of ransomware attacks compared to 2015. From malware to phishing, attempted intrusions and information breaches are turning out to be both complex and silent: the average time taken to detect a targeted attack is 205 days. In France, two thirds of Chief Information Security Officers (CISOs) consider that the threat environment has deteriorated.
Threats, regulation, uses: a shifting environment
Two other trends are also at play. The first is the increase in regulatory requirements, adding to the pressure weighing on the shoulders of businesses. It’s impossible to avoid the obligations of the GDPR between now and when it comes into effect in May 2018.
The second trend is the boost in digital transformation as a result of the continued development of processes and technologies, with more frequent use of the cloud and the vital, reinforced testing audits that it involves. These new uses bring an enormous amount of flexibility to professions, but only if numerous, adapted security rules are implemented.
But what is the impact on CISOs? A shift in budgets has been observed, with an increased proportion of investments going towards ways of detecting and reacting to security incidents. Responsiveness, and even proactive detection, together with the ability to deliver a rapid and suitable response, will consequently become key decision criteria for CISOs over the next few years.
We simply cannot ignore that 86% of CISOs recognise that they are not fully confident in the cybersecurity policy and means set up by their company.
Can outsourcing help us detect better?
To prepare and improve cost management, many organisations are outsourcing the more technical aspects of cybersecurity (verification, logins and access management, data loss prevention, etc.).
Studies show that 50% of security incidents are already detected by a third-party security operations centre (SOC), whereas only 23% are discovered by internal detection solutions.
This trend should be fully established as soon as topics such as real-time supervision or threat anticipation are considered a must. We estimate that outsourcing will rise to more than 11% per year over the next few years, representing 22% of the market by 2020.
Due to this shift, experts will focus on SOCs with advanced cognitive technologies (real-time intelligence sharing and management, behaviour analysis, etc.). These will be able to constantly integrate the best technologies and to take into account the rapid changes taking place in the cybersecurity landscape.