According to a recent study by Symantec, “Internet Security Threat Report 2014”, 2013 was the year of the mega breach as we saw a 62 percent increase in the number of breaches logged. For each identity breached, the estimated cost is roughly $200.
In our digital world, it’s no longer a question of IF your company is going to suffer from a data breach but rather WHEN this will happen. During the MIT CIO Symposium, a panel of data security experts including Mark Morrison of State Street, Patrick Gilmore of Markley Group, and our own CEO Rob May discussed “Security and Privacy in the Digital Enterprise” and specifically how mobile devices, cloud applications and BYOD are all changing what it means for companies to be secure.
The state of technology is changing
Throughout the MIT CIO conference, there was quite a lot of talk on the Internet of Things. In the somewhat near future, everything will be connected - from our toaster to our cars. While this new world will be both convenient and exciting, it also raises serious privacy and security concerns. What if your connected car, with tons of personal data tied to it, was hacked? What if you were driving at the time? Could this connected device now become a massive hazard? With lots of new devices potentially connected through the Internet of Things, there needs to be serious discussions around security. IT professionals in charge of company security and privacy simply can’t control a situation where employees have data stored in multiple places across a multitude of devices.
Now, going back to the hacker scenario with the car. During the presentation, the panelists reminded the audience that hackers have evolved. The hacker in his parents’ basement trying to break into a company’s database simply for the challenge is no longer the profile that modern day security professionals are looking out for. Hacking is now much more organized. In some cases hackers are state supported and are considered professionals. So, as technology has evolved, so has hacking.
A shift in company culture and organization
To be more proactive about security and privacy in the digital enterprise, companies need to shift their thinking.
Cyber security has typically been viewed as a cost to the business which is the wrong attitude. The panel was adamant that someone will eventually steal your data so viewing cyber security as a cost with no real ROI is dangerous. Executives and the board need to think of this type of security as a core part of the overall business.
Companies need to be incredibly proactive in teaching people at their company what they need to know to keep data as safe as possible. The company culture needs to evolve where cyber security is not an obstacle but is deeply part of the culture and is viewed as an enabler to do business. An attitude of “we know this is hard but it’s not an option” is ideal, commented one of the panelists.
The term agile is often used to describe ideal business conditions and this word should translate into security as well. Remember, hackers don’t play by the rules so being as agile as possible is crucial.
With businesses incorporating more technology into their organizations every year, security and privacy are only going to become more important to the business. It’s key to remember that security and privacy should be viewed as an essential piece of the overall strategic goals of the business. The culture needs to shift internally where companies are constantly thinking about the security of their data…..because a breach is most likely just around the corner.