How Cybersecurity is Enabling – not Defeating – Business Innovation
The Digital Economy is rapidly changing our world – seemingly as quickly as you can read this sentence there will be 50 billion devices connected to the Internet (Forecast by 2020: Cisco Internet Business Solutions Group). The Internet of Things (IoT), mobility, cloud, business intelligence and social media continue to generate unprecedented amounts of global IT traffic and immeasurable amounts of data. The ensuing insights fast-forward innovation at a breathtakingly swift pace – to the point where disruptive companies can redefine entire industries overnight.
Indeed, the internet has set in motion a wave of capitalism that will transform all sectors of business including: entertainment, media, banking, retail, healthcare and, of course, technology. To operate in the global digital playing field – where new rivals are unencumbered by rigid policies and thinking – astute firms are dispensing with hierarchical decision-making in favor of an environment that is more market-like and organic. In today’s world, leaders realize that there is no limit to what their organizations can achieve – but there is also unprecedented potential for displacement.
However, with companies racing to prove relevancy in the Digital Economy, attack surfaces are expanding faster than ever. At the same time, adversaries are becoming more sophisticated, creating threats that are increasingly pervasive and harder to detect. But this is where cybersecurity needs to meet – not defeat – business. A strong cybersecurity strategy can fuel innovation and growth because it fosters – not inhibits – the development of digital offerings and business models.
In fact, Cisco’s recent Cybersecurity as a Growth Advantage survey indicates that one-third of finance and line-of-business (LOB) executives view cybersecurity primarily as a growth enabler. Instead of thinking of network protection measures as purely “defensive” efforts, 44 percent of surveyed executives say cybersecurity delivers a competitive advantage. Two-thirds feel that cybersecurity is a “significant” driver of the success of their digital products, services and business models, given that nearly two-of-five reveal that they’ve had to halt mission-critical initiatives due to data defense issues.
For cybersecurity teams to truly emerge as business enablers, they must work with CIOs and LOB leaders to develop a partnership built upon trust.
In the past, trust was implicit and expected. CIOs, executives and workers went about their day assuming that the network and data was protected, even if they could not verify it. But the pervasive nature of current threats has changed all of this, setting in motion a transition from “assumed trust” to “verifiable trust.”
At Cisco, we are committed to an ongoing, proactive state of verifiable trust. Verifiable trust requires that you identify how your company’s products/services are designed, distributed and supported. You ensure everything is developed using a secure development lifecycle. You validate that your entire ecosystem – including your Value Chain of suppliers and authorized distributors – has security designed into every aspect of your business processes, technology and policies. Assumption, after all, no longer suffices.
We are continuing to find new ways to establish verifiable trust. For example, we introduced an auto data classification technique to distinguish sensitive data with speed and scale. As a result, we’ve learned that less than four percent of this data is actually considered “sensitive,” mandating rigorous levels of protection. This enabled us to implement a dynamic user policy and user differentiated role-based restrictions, providing speed and flexibility for the business while safeguarding the sensitive data.
You must deploy an integrated threat defense architecture that is capable of blocking a high percentage of the “bad stuff”; but we know they can’t prevent 100 percent – human error creates cracks in our defenses and advanced threats sometimes will get through. To detect and contain these threats we’ve deployed an active response program to extend our visibility of threats, catching them before they can do harm.
Gaining visibility into these unpreventable threats involves an investment near to or equal to that of the traditional defenses. Extensive instrumentation of the network and its resources enables collection of some 21 billion events per day while advance analytic techniques allow for the rapid detection of threats before they inflict damage.
It’s not all about technology either, as clear policies, education and awareness must take hold organization-wide to launch an effective, end-to-end, pervasive security posture to counter today’s advanced attacks.
By taking a holistic approach to security – combining technology, policies, and education and awareness – organizations can not only survive the next challenges of the Digital Economy, but thrive within them.