How CIOs Are Addressing The “Unsustainable” Security Challenge

Jul 13, 2022

The proliferation of cyber threats has become so great that earlier this year the Australian government issued the recommendation that organisations “urgently” adopt an enhanced cyber security posture.

“Many actors use common techniques such as exploiting internet-facing applications and spear phishing to compromise victim networks,” the advisory note states. “Organisations should ensure they have implemented mitigations against these common techniques and are prepared to detect and respond to cyber security incidents.”

Actually doing so is one of the greatest headaches that CIOs and CISOs have to grapple with, however. Over 80 per cent of businesses have had their security budgets increase in the past year, according to research by Accenture, and IT security budgets are now as much as 15 per cent of all IT spending. However, 81 per cent of IT leaders also state that this is unsustainable and that staying ahead of attackers is a constant battle of escalation.

Cyber security attacks are an inevitability that all businesses should now be prepared for. Rather than simply investing in technology, and hoping for the best, however, IT leaders need to be strategic and undertake risk management that best suits their business profile.

Understanding where the threats lie

The dominant theme of the 2022 Security Exhibition & Conference (17-19 August) is the importance of having an innovative, technologically advanced and competitive industry that will meet the challenges of a new era in security.

What this means is that every company, and every sector, will be facing different security challenges, and a successful response will be down to how the IT security leaders interpret and tailor the response to their specific situation.

The event will feature a cross-section of keynote presentations at the conference with that in mind, as well as exhibitors on the floor that highlight solutions in action. From the impact that emerging technologies like AI, IoT and 5G will have on the security environment, to the blurring of the boundaries between physical security and cyber security, and the future of the built environment, the conference will delve into the implications of security across a broad range of different sectors. Other keynotes will focus on standards best practices and, specifically, how Australian organisations should be responding to global security challenges.

For CIOs and CISOs looking to think strategically about security, the focus of the event will be on practical and actionable insights. Keynotes will include use cases and case studies, with the emphasis being on what is being done now, set against the overall business objectives of the modern enterprise. There will also be a networking dinner gala that will allow executives to trade thought leadership and make connections that will be critical to the sector-wide holistic approach to security moving forwards.

Security is still the art of following best practices

One good example of how the ASIAL Security Conference, within the Security Exhibition & Conference event, will address practical solutions to security challenges is the deep dive into digital transformation that will be the focus of one of the keynotes.

As noted in a report by PwC, an effective security response still typically involves getting the basic best practices right. It notes the government advice that “patching the holes” is a critically important step, but also notes that this isn’t necessarily as straightforward as it might first seem. “Businesses need to identify all Internet-facing devices in the organisation, ensure updates don’t break other processes, that a patch exists for specific software and configurations, and that they have the means to implement the update,” the report notes. “This scale of the problem can be overwhelming, so businesses should seek help if they have doubts.”

The same report also notes that another standard security best practice – adopting multi-factor authentication – can be difficult for CIOs to get over the line in enterprises because of the complexity that it can introduce to the environment. For these reasons, PwC recommends that CIOs lean on their consultants, partners and other resources to complement internal resources.

This is especially true given that a further headache that IT executives face is a severe cyber security skills shortage. Fortinet research shows that 64 per cent of A/NZ organisations agree that the skills shortage creates additional risks for their businesses.

Despite these challenges, CIOs also cannot overlook the need to continue on their digital transformation journey. One of the keynotes at the ASIAL Security Conference – delivered by PwC’s Asia Pacific Chief Digital & Information Officer, Vishy Narayanan – will address this combination of challenges, highlighting the role that leaders play in these new IT environments, and the role that behavioural change, above and beyond any technology investment, plays in delivering transformation in a secure and sustainable manner.

Raw investment into technology is not a solution to the cyber security challenge that organisations face. Rather, CIOs and CISOs need to develop a strategic approach that views security as an enabler and facilitator of innovation, rather than a bottleneck.
