News: Enterprise information security budgets set to double in size to kill digital risks.
The inability of IT security teams to manage risks in the digital age will put businesses in jeopardy, with one in six set to be hit by a major service failure by 2020.
According to Gartner the lack of directly owned infrastructure and services outside of IT’s control will need to be addressed by cybersecurity, in order to avoid those 60% of digital businesses being impacted.
However, analysts predict that in four years time, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30% in 2016.
This will assume greater importance as 25% of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls within the next 18 to 24 months.
The "Cybersecurity at the Speed of Digital Business" report highlights the fact that safety will become an ever-growing issue as the technology world, being this IT and OT, gets mixed with the physical world, the IoT.
This is already being felt today, with a Cisco’s study finding that 71% of non-IT executives admitted that concerns over cybersecurity are impeding innovation in their organisations.
To help solve the problem, Gartner says that a material shift in culture, behaviour and technology is required.
In the report, analysts say that security officers will work more like intelligence officers and trusted advisors, as citizen and business unit IT becomes the dominant model.
It will be impossible to annihilate all risks, however, but analysts are confident that companies will learn to live with acceptable levels of digital risk. Digital ethics, analytics and a people focus will be as important as technical controls.
Gartner has also indentified five areas of focus on which digital businesses can build their cybersecurity strategy to mitigate risks.
First, in the ‘leadership and governance’ space, the organisation says that improving leadership and governance is more important than developing technology tools and skills when addressing cybersecurity and technology risk in digital business.
To address digital business risk and security, Gartner tells businesses to stop focusing on check box compliance, and shift to risk-based decision-making.
Businesses are also advised to stop solely protecting infrastructure, and begin supporting business outcomes, as well as stop being a defender, and become a facilitator of digital interaction.
It also tells businesses that they should stop trying to control information. Instead, they should determine how information flows. In addition, organisations need to accept the limits of technology and become people-centric
Gartner also says that businesses need to "stop trying to perfectly protect your organisation, and invest in detection and response".
Moving on from the first area of focus, Gartner explores ‘the evolving threat environment’, where incident response must address recovery and resilience in the face of aggressive business disruption attacks.
The third area of focus corresponds to ‘cybersecurity at the speed of digital business’. Here, analysts explain that traditional security approaches designed for maximum control will no longer work in the new era of digital innovation.
The whole business landscape is set for a profound change and things like business opportunities, development, decision-making and expectations will have to be addressed in a "timely and efficient manner". This will drive the need for new skills and practices.
The fourth area of focus has been labelled as ‘cybersecurity at the new edge’. This addresses the shift in how businesses host data.
Previously, data security was easy to protect as it resided in a single data centre. As digital advanced, data has been shifted towards new and disrupting models beyond the data centre such as the cloud, SaaS, OT, mobile, and others.
Organisations are therefore in need to address cybersecurity and risks in technologies and assets they no longer own or control.
Lastly, ‘people and process: culture change’ is Gartner’s final key area of focus. This addresses the fact that businesses need to look not only at the technology side of their strategy, but also at the culture shift within their organisation, including employees, customers and partners, whose cybersecurity needs must be attended.
Paul Proctor, VP and distinguished analyst at Gartner, said: "Cybersecurity is a critical part of digital business with its broader external ecosystem and new challenges in an open digital world.
"Organisations will learn to live with acceptable levels of digital risk as business units innovate to discover what security they need and what they can afford. Digital ethics, analytics and a people-centric focus will be as important as technical controls."