First, the bad guys are not one step ahead…not always. A bad guy is like a striker in a soccer game, while the security company is the goalie. Let’s assume we save nine shots out of the ten they aim at the net. But we don’t win, as one miss makes them win the game by causing serious damage to the organization. That’s the challenge.
Also, many organizations are easy targets for hackers because they haven’t run good vulnerability scanning solutions or the software is badly configured. A bad guy hence need not innovate, but can attempt the usual attacks with known vulnerabilities. Most companies unfortunately are a bit lazy, primarily due to the digitalization (everything online) environment, which is a new area for them.
Companies can quickly put an app in the online space, but the security can be super clunky. Security is more often an afterthought and not in the DNA of most companies. However, some of them are now understanding the true meaning of holistic cyber defence. And that’s a good sign for the industry.
The Bucket List for CSOs
Samu Konttinen, President & CEO, F-Secure, shares his bucket list for CSOs and CISOs to stay on top of their company’s security posture.
* Elevate yourselves from the realm of the IT box to shoulder a more strategic role.
* Be partners for business stakeholders to enable the business and manage the risks.
* The CSO role doesn’t mean a bigger budget to buy more hardware and software than before.
* Understand that cyber defense strategy is much more of a process-driven journey.
* Your KRA is not upgraded IT security but rather performing your role more holistically.
Samu’s threat landscape for 2017
1. Ransomware will continue to be a big menace for organizations of all sizes, in different forms.
2. Mirai-type (DDoS) hijack cases, wherein the IoT space will be harnessed more for cybercrime.
3. ‘First-of-its-kind’ ransomware cases are expected with connected cars, IoT devices, etc.
4. Nation or state cyber aggression between different countries due to the new USA president.