This is Yolanda.
As chief information security officer or CISO of the web application company for which she works, she is responsible for keeping her company safe from digital threats and ensuring all data is protected.
Amid an increase in a number of high-profile data breaches, Yolanda is challenged to balance the rapidly evolving environment and the opportunities that it provides with risk. With so many IoT and cloud-based applications, services, and infrastructures around, she is worried about an attack surface that may not even be visible to the IT team that she leads.
Yolanda contemplates telling the IT team to deploy yet another security solution. She also contemplates buying the latest security hardware that was just released.
Then it hits Yolanda: She doesn’t need another security solution and she doesn’t need to buy new security hardware to load into the company’s network. She needs to reimagine security!
So, she goes online to do some research and comes across an authoritative report detailing recent networking trends that every security leader needs to be aware of.
1. The Internet of Things (IoT)
Experts predict that by 2020 there will be 4.3 Internet-connected devices for every man, woman, and child on the planet. Additionally, revenue resulting from IoT is estimated to exceed $300 billion in 2020. There are three different groups of IoT devices and companies likely implement at least two of them: Consumer IoT, Commercial IoT, and Industrial IoT.
The security challenges of IoT are real as many IoT devices were never designed with security in mind. Infected or compromised IoT devices can spread malware and disrupt or steal critical data. Vulnerable IoT devices can be weaponized and used to create massive business disruptions and denial-of-service attacks. And if IoT devices interact with operations systems, the results of a compromise can be devastating.
2. Moving to the Cloud
According to Forbes, in the next few years, 92% of workloads will be processed by cloud data centers, while only 8% will
continue to be processed by traditional data centers. Security, however, is often cited by CEOs and CIOs as the primary factor keeping them from fully adopting a cloud-based computing model.
The weakest link in cloud security lies in the millions of remote devices accessing cloud resources. Cloud security depends on controlling who is let into the network and how much they are trusted.
The primary driver for most cyber attacks is financial, and nothing demonstrates this more than the dramatic rise in ransomware. According to some experts, the total cost of ransomware for 2016 topped a billion dollars, and this success is likely fueling its continued growth.
Ransomware as a service allows fledgling cybercriminals to now participate with virtually no technical training or skills.
But the impact of ransomware on affected organizations goes beyond money. Public ransomware attacks can undermine consumer confidence and deflate brand value. And if a company fails to adequately prepare for such an attack, it may also include legal consequences.
Armed with this and more information, Yolanda realizes it is necessary for her to rethink her traditional, siloed approach to selecting and deploying security tools for her company. She decides to transition to a holistic security strategy that allows her to effectively detect and defend against advanced threats.