by Bryan Cruickshank

4 strategies for dealing with security threat 2.0

Feb 18, 2011
Data CenterIT LeadershipIT Strategy

Nothing in the corporate world moves as fast — or with as much agility — as a determined hacker. They do, of course, enjoy substantial advantages: hackers do not need to seek approval from project sponsors; they do not build business plans or change management models; and if their project fails, they simply disappear and resurface under a different guise to attack again.

And while hackers certainly represent an increasing threat to corporate security, today’s CIOs are also facing security challenges from a range of new, and often less criminal, sources. As a case in point, the ongoing WikiLeaks scandal provides a vivid and public example.

The threat of internal leaks is increasing with the popularity of whistle-blowing sites; government-sponsored actors are becoming more aggressive in their hacking initiatives; and loose groups of moral hackers are coalescing around popular issues to mount organised attacks, as evidenced by the disruption caused by the Anonymous Payback attacks in January.

Here are some tips on how to deal with today’s security threats:

React with agility In today’s fluid and complex security environment, traditional security systems and controls can only provide a finite level of protection and defence against this range of potential threats. As a result, many CIOs are starting to place renewed emphasis on building robust response strategies that provide them with the agility and flexibility to quickly react to issues as they arise in order to protect the organization’s mission-critical systems.

This, in turn, will require a culture change as employees become better informed about their responsibilities and gain a stronger understanding of their role within the organisation’s larger security framework. And while this type of change initiative may require a longer-term strategy, many CIOs will find that the effectiveness of their security systems increase exponentially as more employees become security-aware.

Plan for the future At the same time, forward-looking CIOs are struggling to balance the risk of these new threats against their organization’s plans for the future. For example, smart phones and other mobile devices, widely expected to boost business productivity, will come under increasing attack from hackers as more and more functionality is built into the systems.

The proliferation of mobile devices also multiplies the potential for DoS attacks as millions of web-accessible devices become vulnerable to hijacking by criminal elements.

The rise of cloud computing will also change the fundamentals of security for most CIOs. Executives will need to become more comfortable with relinquishing a level of security control to their third-party suppliers, some of whom may operate in foreign jurisdictions with less rigorous data protection legislation.

Cloud computing may also bring about enhanced security as massive service providers leverage their scale to create innovative and secure processes.

Focus on the data And as more and more systems move into the cloud and onto mobile devices, CIOs will need to increasingly focus on securing their data rather than their infrastructure. This will require some hard thinking about what types of data can be safely sourced out to the third parties and what must be kept in-house in order to maintain and oversee control.

A growing number of organisations are also starting to work cooperatively with their cloud services providers to structure contracts and agreements that incorporate some of the security controls of the corporate environment into the cloud delivery model in order to better capture the benefits of both worlds.

Always protect yourself Many CIOs may also want to take an extra hard look at their own personal security protocols and those of their executive peers.

There have been increasing instances of the more malicious malcontents targeting technology executives in particular, seeing them as a direct route to a rich source of security codes and systems access.

In other cases, CEO and CFO accounts have been duplicated in order to manipulate stock prices and destroy reputations.

A word of caution though. The dangers are out there, but CIOs must still resist the temptation to let paranoia dampen innovation. Too many rigid controls and formal processes often have the negative effect of increasing security risks by reducing the organization’s ability to react or evolve to meet the evolving threats they face.