The new internet revolution, and the IT infrastructure needed to support it, is constantly growing and evolving. In the last few months, there have already been a series of high-profile security breaches – one of which happened just a few days ago! Further, the dependency of businesses on third-party software and infrastructure has meant that business continuity, in light of such attacks, is a continual concern. It is for this reason that security should be on the enterprise radar, and be elevated from a mid-management prerogative to one that is discussed openly and frequently in senior management discussions.
As the penetration of digital products and services increases, so does the risk that businesses face when securing them. Attacks have been getting more sophisticated and innovative, and enterprises are often left struggling to keep pace with developing and implementing new security mechanisms – mechanisms that are constantly being evaded and countered by malicious entities. Enterprise security, as we know it, has changed.
Rising security concerns
In the coming years, here are some security concerns that will need to be addressed by enterprise IT.
Vulnerabilities will continue to be exploited: The folly of the enterprise adoption cycle remains its inertia in quickly addressing vulnerabilities. This could remain a concern, as Gartner predicts 99% of such vulnerabilities will be used against enterprises. Ensuring regular patching and updates should counter this threat.
Shadow IT will be a point of attack: With many users being technologically savvy, IT is now plagued with the rise of ‘shadow IT’. Often such software and utilities are downloaded for specific purposes by various functional teams, and represent an entry point for attackers. IT will need to incorporate a process that ensures that such software is audited for security threats, and that group policies restrict downloading and executing applications without prior consent. Further, IT should also ensure that policies silo business-critical software and hardware.
Growing state intervention: Vested interest in consumer data and behaviour has led to government or state-sponsored attacks. Such attacks could be a political and legal quagmire for businesses.
Sourced code: With many businesses leveraging vendors to develop code, there is a need to be skeptical about code security. There is a possibility for code to have back doors, and enterprises need to treat code security as an imperative.
BYOD and IoT: The introduction of consumer devices and IoT in the workplace presents a smorgasbord of security concerns. Hardware and software on such devices may be compromised, and open enterprises to attack. Rather than shun such devices, enterprise IT should embrace them, and develop policies for how they access networks and data.
Skills and expertise will be a challenge
With attacks changing the security dynamics every day, it becomes imperative for enterprise IT teams to develop skills and expertise – such skills and expertise can be developed by investing in training or leveraging third-party partners and consultants. While security breaches are becoming the norm, cognizance of the fallout of such breaches and extensive evaluation of them will be required. Adopting a realistic assessment of the enterprise, and collaborating on security with stakeholders, partners, and other companies will help enterprise IT truly address cyber threats effectively.