The famous author, James Joyce, once said: "A man's mistakes are his portals of discovery." That’s true in life and when it comes to security. After 20 years in the security industry, the greatest lessons I’ve seen businesses learn are from their mistakes, and from recognising they could have been avoided.
The rise in cybercrime over the last few years has caused widespread paranoia amongst the general public and businesses. While there is genuine cause for some concern, there are not millions of cybercriminals out there trying to steal our identity or take down our companies. The real threat is much closer to home.
The British Airways outage is a perfect example. Its IT systems failure crippled a number of flights in the air and grounded many more, impacting over 70,000 passengers and costing the business over £150 million. Once the outage hit, everyone’s first thought was: cyberattack. No one can blame people for jumping to that conclusion, given this year alone the business world has experienced some of the biggest attacks we’ve ever seen – from WannaCry to NotPetya. But BA was quick to dispel the cybercrime rumour. And it turns out they were right. The outage was caused by an IT engineer not following the right protocol and the company’s backup generators not kicking in quickly enough. Just fifteen minutes of downtime resulted in millions of pounds lost, a blemished brand, and an IT team and system in desperate need of a closer look.
Gartner predicts that by 2018, information security investment will reach $93 billion, a 7 per cent rise in just a year. As more businesses move their applications and systems to the cloud, there’s no doubt that will continue to rise. Small businesses are already more concerned about the threat of cybercrime than they are about Brexit, with plans to invest more than £3.8bn over the next 12 months, according to a report by Barclaycard.
As data increasingly becomes a company’s most precious commodity, protecting it is now its greatest concern. But that fear shouldn’t be of balaclava-wearing cybercriminals. It should, however, be of blind spots within the organisation. If businesses are able to spot weaknesses before a hacker does, they’ll always be one step ahead.
Maintaining stability in an era of uncertainty
There’s no greater challenge today than striking a balance between digital transformation efforts and business continuity. There’s a huge amount of pressure placed on business leaders to stimulate business innovation quickly while working with IT to ensure they’re “keeping the lights on” with an IT foundation that is stable, secure, compliant and reliable. The reality is that as the business continues to grow, so does its exposure to threats.
With digital transformation spending set to reach 2 trillion by 2020 worldwide, modern IT systems will only become more complex. Finding a way to make critical infrastructures resilient and robust while constantly innovating introduces an inevitable element of instability and unpredictability that can be a challenge to manage.
That said, security shouldn’t stifle innovation. To achieve that balance, companies need to embrace disruptive technology trends such as Cloud and Mobility as a way to easily integrate new practices into existing business processes. Doing so enables the business to introduce new customer services and products quicker and at a lower risk.
Fear has no place in an organisation’s drive for innovation. CIOs need to focus on developing innovative business services that are built on the organisation’s existing IT foundation and layered with new delivery models and platforms. Bridging the old and the new enables an organisation to innovate faster at a lower risk – making any fear of cyberattacks or data breaches obsolete.
No matter where an organisation is in its transformation journey, there are four things every business should consider when establishing the company’s strategy:
· Automation is your saviour: Ensuring patches for frequently used software are automated means an organisation can prevent breaches like the infamous WannaCry attack. The ransomware hit over 300,000 computers round the world, all because a Microsoft patch released two months prior wasn’t downloaded.
· Business agility reduces risk: Harnessing the power of DevOps means organisations are able to build, test, and deploy at a greater speed and with minimal risk. IT Operations and Developers work closely together to ensure business continuity is maintained and secure without compromising on innovation. It provides the competitive advantage companies need to grow and thrive.
· Keep access to data secure: This may sound like a given, but it’s so often overlooked. Bupa, the health insurance company, recently compromised over 500,000 customers’ data because an employee had access to sensitive information. Having the tools in place to control and monitor the access to critical or sensitive data and systems by both internal and external users is essential.
· Be proactive, not reactive: Reacting after the fact is largely too late. Any system that has been idle or not failed in a while should take priority, as it means the business does not have enough experience dealing with potential bugs or vulnerabilities. If a threat strikes, the company is two steps behind. Remember what 15 minutes did to British Airways?
Even with all of that said, expect systems to fail. And don’t become complacent. If organisations build, test, and deploy applications in a repeatable, reliable and secure way, they can reduce the company’s exposure to risk and ensure applications are rolled out faster.
One company that’s taken a fearless approach to innovation and security is Netflix. They’ve deployed a beautiful piece of technology called Chaos Monkey, which combs through the back halls of Netflix and automatically switches off applications as needed, making Netflix more resilient to potential failures. It’s always working behind the scenes, relentless in its pursuit of safety.
Netflix is one of the most innovative entertainment companies today and their ability to strike that balance is what every business needs to strive for. Innovation and security go hand in hand. Those that recognise it and act quickly will capture opportunities that threaten the livelihood of any competitors. So instead of bringing the fear of cybercrime into the next strategy meeting, encourage the business to look a little closer at its own operations, which will undoubtedly reveal the real threat to the company’s survival.
Geoff Webb, vice president of strategy, Micro Focus