In 2017, the IT security market will continue to evolve to meet a new and ever-changing range of cybersecurity threats. Meanwhile, the market for cybersecurity products and services is booming, but is also changing, with security functionality increasingly being delivered as a service from the cloud. Ovum estimates that spending on cybersecurity protection in 2016 by businesses will exceed $37 billion. In Asia-Pacific, firms are estimated to shell out $6.8 billion in 2016, with related services spend estimated at 5x more.
Next year Ovum expects next-generation security providers to step up to the plate. The time is right, and the requirement for better and more inclusive security facilities and services already exists. All that is needed is the ability to deliver.
The security intelligence community, with the vast amount of threat data it has available, claims to be able to identify and deal with cyber threats at the earliest opportunity. User entity behavior analytics (UEBA) and endpoint detection and response (EDR) suppliers make similar claims in their own areas of expertise. Nevertheless, IT decision-makers need to see measurable proof that newer forms of cybersecurity protection are making a real difference. Only then should they think about winding down the use of older, often signature-based, protection tools.
Assessing security readiness
As cybersecurity concerns become more prevalent, the key is to secure critical enterprise data based on business priorities. CIOs and CISOs should ask themselves
- What do I know about my most critical data? A useful approach to data discovery includes knowing the value of your data, knowing who has access to your data, knowing where your data is, knowing who is protecting your data, and knowing how well your data is protected.
- Do we have the right people to secure our critical data? IT employees may not be security experts, and they are ill-equipped to devise a robust security defense/protection. Work with experts to draw up cybersecurity readiness, response and remediation plans for the organization.
- Do we have the right process to secure our critical data? A responsibility assignment matrix is a must in case of a cyber breach. Who's responsible for investigating the breach, for fronting the media, or for contacting customers, third party suppliers, and legal? Who is accountable and is ensuring that all these processes are correct, thorough and executed flawlessly? Who should be consulted in the event of a breach? How have recent breaches been managed? Who needs to be informed of your progress and next steps?
- Is your supply chain secure? Take a closer look at external third party possession of key customer data, and how it is being used.
Enterprises must seek to:
Transform the behavior of all stakeholders. Not all data is equally precious, and enterprises should spend greater focus on prioritizing threats that are relevant to individual business operations and their most critical assets. A cavalier employee or third party attitude to security will render an ironclad plan ineffectual. Organizations must transform internal and external behaviors to tighten their security posture.
Make threat intelligence actionable. Many vendors claim to offer threat intelligence, but before making a decision, ask them how you will be able to use the data provided in your environment. Will it automatically feed into your SIEM tools? Will they prioritize the threats they are seeing with specific reference to your infrastructure/vertical market/geography?
Defend against attacks with a cybersecurity ecosystem. Look at the breath of joint partnerships between telcos/SIs and security vendors (such as IBM, HPE and so on) - and understand how these combine to provide security benefits. These should not obfuscate a security agenda that misses the forest for the trees.
Clement Teo is a principal analyst at Ovum
This article was first appeared in Telecom Asia Vision 2017 Supplement