RESOLVING HIGH-TECH'S SECURITY CHALLENGE

Similar documents
COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

THE ACCENTURE SECURITY INDEX

The State of Cybersecurity and Digital Trust 2016

THE POWER OF TECH-SAVVY BOARDS:

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

THE ACCENTURE CYBER DEFENSE SOLUTION

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

WHAT S DRIVING CITIZENS CYBER INSECURITY?

Business resilience in the face of cyber risk. By Roger Ostvold and Brian Walker

AUSTRALIA Building Digital Trust with Australian Healthcare Consumers

DIGITAL TRUST AT THE CORE

THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES

Run the business. Not the risks.

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Leading our discussion today

with Advanced Protection

Security in India: Enabling a New Connected Era

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Cybersecurity. Securely enabling transformation and change

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Shifting focus: Internet of Things (IoT) from the security manufacturer's perspective

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

INTELLIGENCE DRIVEN GRC FOR SECURITY

State of Cloud Survey GERMANY FINDINGS

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

TRANSFORMING WEST MIDLANDS POLICE A BOLD NEW MODEL FOR POLICING

Securing Your Digital Transformation

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

THE JOURNEY OVERVIEW THREE PHASES TO A SUCCESSFUL MIGRATION ADOPTION ACCENTURE IS 80% IN THE CLOUD

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Best Practices in Securing a Multicloud World

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

Does someone else own your company s reputation? EY Global Information Security Survey 2018

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Combating Cyber Risk in the Supply Chain

Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

2015 VORMETRIC INSIDER THREAT REPORT

People risk. Capital risk. Technology risk

Symantec Data Center Transformation

Cyber Resilience - Protecting your Business 1

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

FOR FINANCIAL SERVICES ORGANIZATIONS

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

THALES DATA THREAT REPORT

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Emerging Technologies The risks they pose to your organisations

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

Cyber Security in Smart Commercial Buildings 2017 to 2021

Cybersecurity and the Board of Directors

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

SOLUTION BRIEF Virtual CISO

Rethink Enterprise Endpoint Security In The Cloud Computing Era

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

RSA Cybersecurity Poverty Index

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

CYBERSECURITY RESILIENCE

Vulnerability Management Trends In APAC

Building a Threat Intelligence Program

A new approach to Cyber Security

Business continuity management and cyber resiliency

to Enhance Your Cyber Security Needs

Q&A TAKING ENTERPRISE SECURITY TO THE NEXT LEVEL. An interview with John Summers, Enterprise VP and GM, Akamai

HEALTH CARE AND CYBER SECURITY:

Healthcare IT Modernization and the Adoption of Hybrid Cloud

TRUSTED MOBILITY INDEX

Express Monitoring 2019

BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE

THALES DATA THREAT REPORT

CA Security Management

Preparing your network for the next wave of innovation

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Disaster Unpreparedness June 3, 2013

CISO as Change Agent: Getting to Yes

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Better skilled workforce

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

Global Information Security Survey. A life sciences perspective

Security in a Converging IT/OT World

The Third Annual Study on the Cyber Resilient Organization

Spotlight Report. Information Security. Presented by. Group Partner

Effective Cyber Incident Response in Insurance Companies

Are you safe? Your business growth strategies are at the heart of the cyber risks your organization faces

Transcription:

RESOLVING HIGH-TECH'S SECURITY CHALLENGE

CONFIDENCE MASKS VULNERABILITY: ASSESSING CYBERSECURITY PERCEPTIONS Steeped in innovation and cutting-edge technology, the high-tech sector attracts serious attention from hackers and malicious offenders worldwide. Recently, targets have expanded exponentially, from the latest artificial intelligence breakthroughs to massive caches of proprietary customer data. Despite the industry s exceptional access to the best digital talent and technology worldwide, online threats continue to increase. In part, this danger results from the incredible progress the digital revolution has experienced. Thus, as high-tech players and their customers embrace the profusion of online digital advances (often generated by the industry itself), the number of attack surfaces widens and deepens to include employees, vendors and partners. That changes the game, even for highly accomplished digital players. However, even within this select group, companies still adopt start up mentalities and habits. For example, some companies remain averse to rigorous planning and processes due to fears they will slow innovation. Others have accumulated significant technical debt due to the lack of updates required for patching backlogs and other remediation techniques, and because of the belief that technology solves all problems. Rather than investing in their tech-heavy toolbelt, companies continuously buy and implement the latest products and solutions to handle security threats, resulting in a duplication of capabilities and a proliferation of under-utilized technologies. Given these realities, the industry needs tight and easy security solutions that align with their business strategies, which translates into meticulous, yet lightweight planning and processes, including making better use of the tools they already have and configuring them to achieve superior return on investment (ROI) results. It also requires companies to add the process wrappers and people training required to extract optimum performance from every tool. 2 RESOLVING HIGH-TECH S SECURITY CHALLENGE

THE LOWDOWN ON HIGH-TECH S DIGITAL SECURITY CHALLENGE While companies mainly express overall confidence in their cybersecurity capabilities, some concerns have emerged lower down in the high-tech stack. Accenture s recent global survey of 2,000 security executives, which included 185 high-tech industry professionals, revealed that two-thirds of the latter respondents expressed confidence in their cybersecurity strategies. Additionally, nearly that many said their organizations have completely embedded cybersecurity into their cultures and viewed it as a board-level concern supported by their top executives. Companies are experiencing numerous serious breach attempts: nearly 145 annually. At the same time, the survey indicated that these companies are experiencing numerous serious breach attempts: nearly an average of 145 annually; a quarter of which get through. That translates to an average of three effective attacks a month. Amplifying the problem, 40 percent of those surveyed said it can take their companies months or even up to a year to detect the breaches, and their internal security teams discover only about twothirds of them. Even more troubling, over 40 percent said that their greatest cybersecurity impact comes from malicious insiders, while 60 percent lack confidence in their organization s internal monitoring capabilities. Despite widespread acknowledgement that internal threats have the most impact, companies continue to focus their investments on external security issues, with almost 60 percent prioritizing perimeter-based controls against outsiders instead of addressing the high-impact threats coming from within the company. 3 RESOLVING HIGH-TECH S SECURITY CHALLENGE

CHANGES IN THE CYBERSECURITY LANDSCAPE Unlike many other sectors, which have experienced massive dislocations due to the digital revolution, the high-tech industry s cybersecurity landscape has undergone changes in degree rather than kind. The pioneering digital sector, hightech long-ago gained an online footing and thus has built on that advantage going forward. One expanding shift involves the deployment of many new systems partly or wholly in the cloud. While the cloud enables new and attractive business models and delivery options, it also exposes new security weaknesses and avenues of attack, thus fundamentally changing the security model required to keep things safe. Other new attack surfaces attractive to adversaries include systems such as digital analytics, operational supply chains and Internet of Things (IoT) networks. Not only are new attack surfaces emerging at a record pace, the amounts of data in circulation are exploding. With the costs of memory and computing power plummeting, the rise of big data analytics and the arrival of the first waves of IoT information, incoming data that once resembled the output from a fire hose has become a tsunami. As a result, companies need to protect much more company data and customer information, often dispersed far beyond enterprise walls and accessible via an ever-widening array of end points. Even as high-tech companies in large part drive the digital revolution, they often find themselves playing catch-up on cybersecurity. 4 RESOLVING HIGH-TECH S SECURITY CHALLENGE

Even as high-tech companies in large part drive the digital revolution, they often find themselves playing catch-up on cybersecurity much like companies in other industries. Research showed that executives across industries expressed serious concerns about threats from within the organization. According to an Accenture survey of enterprise security professionals, insider corporate data theft and malware infections are among the biggest threats to digital businesses. 1 Over four in 10 of the participants in that survey expressed concerns about the theft of corporate information and just under half are similarly concerned about the theft of personal information. However, only 32 percent of high-tech players can readily identify the business s high-value assets and business processes the crown jewels of the company. High-tech players on average suffer three effective breaches per month attacks that can take them months or years to discover. To recap, high-tech players on average suffer three effective breaches per month attacks that can take them months or years to discover. Their internal security teams typically only identify two-thirds of these attacks, the most serious of which come from within the organization itself, while 68 percent of high-tech respondents can t identify the business s crown jewels. And yet high numbers of companies expressed confidence in their cybersecurity strategies. This conflict exposes a level of vulnerability within the industry that could manifest itself in dangerous ways. High-tech companies don t have a strong picture of how bad things might be, which is keeping them from acting faster and with more determination to change approaches, train employees, and fortify currently weak cyber defenses. While most security teams in high-tech have concerns, the problem is getting from concern to action in a meaningful way. Companies need to rethink, reframe and reenergize their approaches to cybersecurity. 5 RESOLVING HIGH-TECH S SECURITY CHALLENGE

REBOOTING HIGH-TECH S CYBERSECURITY STRATEGY To survive in this contradictory and increasingly risky environment, organizations need to reboot their approaches to cybersecurity. What s required is an end-to-end approach that considers threats across the spectrum of the high-tech industry s value chain and a company s specific ecosystem. That means identifying and minimizing business exposure and focusing on protecting the company s crown jewels. The following steps can help high-tech organizations overcome limited perceptions and deal effectively with the high-impact cyber threats they face. DEFINE CYBERSECURITY SUCCESS To reframe cybersecurity perceptions and build a new definition of success, leaders should seek the answers to several questions: Can they confidently identify all priority business data assets and their locations? Are they able to defend the business from a motivated adversary? Do they have the tools and processes to identify and respond to a targeted attack? Do they know what their adversaries really seek? How often does the organization practice its plan (to get better at responses)? How could targeted attacks affect the business? Does the company have the right alignment, structure, team members, and other resources to execute the cybersecurity mission? 6 RESOLVING HIGH-TECH S SECURITY CHALLENGE

PRESSURE TEST DEFENSES Pressure-testing company defenses helps leaders to understand whether they are really able to withstand a targeted, focused attack or not. Organizations can engage white hat external hackers in a real sparring match with their cybersecurity team to quickly determine whether it s capable of defending the enterprise. PROTECT FROM THE INSIDE OUT Attackers know what they want, but usually not where it s located on the network. In contrast, cybersecurity professionals have the advantage of knowing which key assets need to be protected. By focusing on these key assets, organizations can concentrate on the relatively fewer internal incursions that have the greatest impact. INVEST TO INNOVATE AND OUTMANEUVER One reliable approach involves looking across seven key cybersecurity domains to identify potential opportunities for future investments in innovation. Currently, fewer than 45 percent of high-tech respondents expressed confidence in their capabilities regarding any of the seven domains. Business alignment assesses cybersecurity incident scenarios to better understand those that could materially affect the business. Governance and leadership means focusing on cybersecurity accountability, nurturing a security-minded culture, monitoring cybersecurity performance, developing incentives for employees and creating a cybersecurity chain of command. Strategic threat context drives organizations to explore cybersecurity threats in order to align the security program with the business strategy. Cyber resilience is the company s ability to deliver operational excellence in the face of disruptive cyber adversaries. Cyber response readiness means having a robust response plan, strong cyber incident communications, tested plans for the protection and recovery of key assets, effective cyber incident escalation paths and the ability to ensure solid stakeholder involvement across all business functions. The extended ecosystem should be ready to cooperate during crisis management, develop third-party cybersecurity clauses and agreements, and focus on regulatory compliance. Investment efficiency strives to drive financial understanding concerning investments across cybersecurity domains and the allocation of funding and resources. 7 RESOLVING HIGH-TECH S SECURITY CHALLENGE

MAKE SECURITY EVERYONE S JOB Virtually all high-tech survey respondents (99 percent) said that the company most frequently learned about breaches not detected by the security team from employees. In fact, a company s people represent its first line of defense, which is why firms need to prioritize training and continually refresh cyber talent across the business. However, given extra budget, fewer than 20 percent of high-tech companies said they would invest it in cybersecurity training. LEAD FROM THE TOP To succeed, CISOs need to step beyond their comfort zones (e.g., compliance audits, cyber technology) and materially engage with enterprise leadership on a day-to-day basis. Doing so will require them to speak the language of business to make the case that the cybersecurity team represents a critical pillar in the battle to protect company value. 8 RESOLVING HIGH-TECH S SECURITY CHALLENGE

RESTORING JUSTIFIABLE CONFIDENCE As their digital security strategies and organizations mature and innovative solutions emerge, high-tech organizations that tie cybersecurity efforts to real business needs will gain justifiable confidence in their ability to deal with the threats that inhabit today s changeable and dangerous digital world. 9 RESOLVING HIGH-TECH S SECURITY CHALLENGE

AUTHORS PAOLO DAL CIN Managing Director Accenture Security Communications, Media & Technology, Global Lead STEVE CURTIS Managing Director Communications, Media & Technology Security Lead, North America IOANA BAZAVAN Managing Director Communications, Media & Technology Security, Global High-Tech Lead FOOTNOTES 1 New Report Finds Insider Corporate Data Theft and Malware Infections Among Biggest Threat to Digital Business in 2016, Accenture news release, June 27, 2016. https:// newsroom.accenture.com/news/new-report finds-insider-corporate-data-theft-andmalwareinfections-among-biggest-threatto-digital-businessin-2016.htm ABOUT ACCENTURE Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions underpinned by the world s largest delivery network Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 401,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com. FOR MORE INFORMATION ON ACCENTURE SECURITY, PLEASE VISIT: http://www.accenture.com/hightechsecurity Copyright 2017 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.