What is new about cyber security?

There has been much media attention and hype around cyber security. Is it just a new label for an old function (Information Security)? Or is there something new and significant involved which has implications for organisations and how they manage their security risk?

The use of the label cyber security has been brought new attention and focus to the topic from people in various functions which fall outside the traditional security specialism. CEOs, Ministers, CFOs, CIOs all now have a view on the issue. This is welcome because the threat to their organisations is real and requires a strategic response.

There have been three interlocking trends which have elevated the security risk to one of strategic significance for many organisations:

- The nature of the adversary and the sophistication of their operations have evolved dramatically. Growing awareness of the Advanced Persistent Threat (APT), demonstrated by the Stuxnet attack on nuclear industrial control systems, has highlighted the risk to business continuity, intellectual property, commercial and customer information.

Meanwhile cybercrime has been recognised as a key threat to many organisations, driven by the scale, resources and ingenuity demonstrated by many cyber criminals

- The regulation and compliance regime in most sectors has become more rigorous in its approach to data compromise and breaches. The new powers of the Information Commissioner in relation to loss of personal data can impact significantly both financially and reputationally on organisations found to be in breach. Most industry regulation, such as Basel II and Solvency II in the finance sector, has information security implications.

- Few technology and service offerings in the IT industry, such as cloud computing, mobility, ubiquity, social networking, have in different ways undermined the value of traditional approaches to security by blurring the boundaries we are trying to defend and challenging many traditional security policies.

All 3 trends not only increase the exposure but also the potential impact and damage that could result.

The risk environment in which we now operate has been transformed and hence the traditional approach to security is no longer adequate.

Related:
1 2 Page 1
Page 1 of 2
7 secrets of successful remote IT teams