In 2012, then-FBI Director Robert Mueller observed: “There are only two types of companies: those that have been hacked, and those that will be.” A glance at the headlines over the intervening six years bears out that statement. And with the drastic implications for organizations, such as Equifax’s $4 billion loss of market capitalization, the stakes have never been higher.
Therefore, adequate cybersecurity strategy and technology are vital. But what organizations really need to come to grips with is that there is no end goal when it comes to cybersecurity. Because security is an ever-changing dynamic of resources, threats and solutions, it’s not enough for organizations to refresh their cybersecurity strategy annually; in fact, according to our recent study “Securing the Digital Future,” most organizations are now reviewing and updating these strategies on a quarterly or even monthly basis.
The reason for this is threefold:
- New technologies: Technologies such as Internet of Things (IoT), mobile applications, cloud computing and machine learning are reshaping the way we work and the work we do, as well as how organizations will recognize value in the years to come. At the same time, these technologies also create new entry points for hackers, such as new logical vulnerabilities.
- New data: As organizations develop new technologies and add intelligent sensors to more of the goods they produce, vast new streams of data are being generated, and this will only increase moving forward. However, with this data onslaught come new and changing risks.
  Vast unstructured data sets are ready and waiting to be infiltrated. Data exfiltration is an area that should be given continuous attention by organizations; data stewardship, the requirement to responsibly handle data, will become a significant construct in data security. The imminent arrival of the General Data Protection Regulation (GDPR) in the EU, as well as New York’s Personal Privacy Protection Law, the Chinese Cybersecurity Law and Russia’s Privacy, Data Protection and Cybersecurity Law, are all the start of state-led regulation with regard to stewardship, and could provide the tipping point for other countries to follow suit.
- Sophisticated adversaries: Like technology itself, cybersecurity threats are fast evolving. And with the money at stake, new and increasingly sophisticated hackers are coming onto the scene. A frightening example of this was the recent penetration of U.S. energy company systems that could be manipulated to sabotage the U.S. power grid.
Ultimately, cybersecurity needs to be an ongoing endeavor in every organization. Failure to adapt processes and systems on a regular basis will leave an organization open to further attacks. Hackathons, war rooms and threat modeling must become part of every business’s corporate dialect as threats are never consistent in the cyber realm; thus, neither is cybersecurity. Organizations will need to update, evolve and reimagine strategies and execution in order to remain secure.