This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
With reports of large-scale hacking attacks in the past year a common news headline, 2015 did not score well when it came to cybersecurity awareness. In 2016, it is more crucial than ever for executives to take control of cybersecurity to protect their businesses and customers while delivering innovation.
Together with Forbes Insights, BMC reached out to executives in North America and Europe to get their perspectives on critical issues surrounding cybersecurity threats. These threats are not geographically specific, and are also prevalent in Asia Pacific. A few notable examples from 2015 include several attacks by Anonymous, a hacktivist group, on Thai government sites, as well as a privacy breach at Kmart Australia, which exposed customers'personal information.
With cybersecurity threats on the rise, businesses should begin to build a game plan to eradicate the problems from the root. Here are three key findings from the Forbes Insights report that could serve as guidelines for this game plan.
1. Security breaches occur even when vulnerabilities and their remediation have already been identified
On the surface, vulnerabilities may seem trivial or easy to fix. Ideally,a business would scan for vulnerabilities, prioritise them, and then set off to fix those with a known patch before working to address the rest. However, in order for this chain of steps to happen, there has to be a significant level of engagement and collaboration between the security and operations teams. As a result of misaligned or conflicting priorities, inability to come to a consensus between both teams may result in delayed remediation.
2. Security and operations teams have little understanding of each other's requirements
The security team is responsible for keeping the business secure, while the IT operations team works to keep the business up and running. After running a scan for vulnerabilities, the security team then hands off to operations to fix the problems. If the operations team are not clear which vulnerabilities have patches, the severity of the different vulnerabilities, or the impact of the patch on the production environments, they will either fail to prioritise or ignore it all together. This gap between security and operations is known as the "SecOps" gap.
3. Poor coordination puts a strain on labor costs for security and operations departments
In this context,the misalignments go deeper than just teams not meeting regularly. When the security team runs scans and produces reports,they may not be delivering information that the operations team considers actionable. The operations team then has to go through and figure out which vulnerabilities have a known patch, and also make an assessment of how severe the risk. This places a huge drain on already tight resources.
Sign up for CIO Asia eNewsletters.