A mindset shift
At many enterprises, cybersecurity is now top of mind. Yet as the threat landscape grows in both scale and complexity, business leaders are losing faith in their ability to keep their organizations and customers safe. This crisis of confidence can only be addressed by a new approach that shifts security from a process to a mindset.
Confidence in cyber resilience measures slipped from 2017 to 2019
Know your weak spots
The proliferation of connectivity, data and cloud-based platforms has put many of the security tools and techniques enterprises traditionally rely on at risk of obsolescence. In pursuing the opportunities emerging technologies bring, businesses should also be conscious of the security challenges they present.
Cloud computing
Ubiquitous connectivity means any system is only as strong as its weakest link, and opens the door to a broader range of bad actors.
Data
Enterprises are getting better at protecting customer information, but the massive volumes of data they generate and use is a tempting target, and represents a new dimension of risk.
The IoT
Connected devices have become a security soft spot as more appear on corporate networks and the lines between work and home blur.
“The idea with zero trust architecture, is that you don’t trust devices just because they’re on your network, and you don’t trust everything that a system does just because you created that system.”
Robin Doherty
Lead Security Architect, Thoughtworks
Complex supply chains
Most businesses depend on a large and tangled web of suppliers, vendors and partners to take care of day-to-day functions and deliver to customers, meaning it’s not just their own security practices they have to consider.
From security policies to security culture
A fresh, more future-proof approach to security starts with the acceptance that there will be occasional failures, and the acknowledgement that it’s a shared responsibility. By focusing on extending security capabilities beyond the security team and making it clear that effective risk management is also a means to create value, business leaders can help ensure any security breach is a learning experience rather than an existential threat.
“There’s a problem when you think of security in isolation. You need to build the talent in existing teams so they understand the extra things they need to do to put security in place.”
Harinee Muralinath
Capability Lead, Thoughtworks
Conclusion: Planning for the unknown
No organization can predict with certainty what security risks lurk around the corner, but that’s no reason not to try. Even as the nature and variety of threats evolve, experts see reasons for optimism about enterprise security as new digital tools and techniques, and better practices, emerge in response. Businesses are learning that it pays to focus on the basics - and to think outside the box.
“Will you always see what’s coming perfectly? No chance. But can you do better than passively waiting? Absolutely.”
Jim Gumbley
Cybersecurity Principal, Thoughtworks
Perspectives delivered to your inbox
Timely business and industry insights for digital leaders.
The Perspectives subscription brings you our experts’ best podcasts, articles, videos and events to expand upon our popular Perspectives publication.