Digital transformation initiatives are forcing organizations to rethink their cybersecurity strategies. BMC and Forbes Insights conducted a security survey among more than 300 C-level executives around the globe to examine today’s biggest cybersecurity threats and new security models being pursued to fill the gaps.
How Will Your Cloud Strategy Impact Your Cyber Strategy?
1. How Will Your Cloud Strategy Impact Your Cyber Strategy?
Build a new security model to close today’s security gaps and effectively wage cyber warfare
2. Interviewed
• Cameron Brown, Former Forensic Specialist, United Nations
• Scott Crowder, CIO, BMC
• Paul Lewis, CTO, Hitachi Data Systems
• Betty Elliott, Head of InfoSec & CISO, Moneygram International
• Michael Matthews, CIO, Deluxe Corp.
• Sean Pike, Program Vice President, Security, IDC
• Surveyed over 300 executives across North America and Europe
• 66% CIO/CTO/CISO/CSO
• 34% VP/SVP of Tech of InfoSec
• All companies had at least $100M in revenue, and 50% had revenue >= $1B
• Interviewed industry experts, analysts, and customers
BMC partners with Forbes Insights
2nd Annual Security Operations
3. 69% Say Digital Transformation is Forcing Changes to Cybersecurity Strategies
• Responds to new digital competitors
• Solidifies and grows market share
• Serves shifting customer demands
4. 3 New Technologies Are Creating the Biggest Security Challenges
• Public clouds (65%)
• Big data (63%)
• Mobile apps (61%)
Why?
• Clouds and mobile apps send data outside secure firewalls
• Big data apps centralize data, for easy access by thieves if they breach defenses
6. The Challenge: Act Now or Leave Corporate Assets Vulnerable to Hackers
CIOs and CISOs must expand efforts to:
• Address sophisticated armies of global cyber-thieves, many of whom are backed by national governments
• Close the new security gaps that arise as their organizations embrace digital transformation
7. The Trade-Off: Boards Must Balance Investments for Security and Next-Gen Business Technology
• 76% of CIOs AND 75% of CISOs say security was a higher priority in 2016
• 82% say security investments will rise again in 2017
But these executives also acknowledge that when lobbying for additional security funding, technology execs are competing with business peers, all of whom are trying to convince the board where it should allocate money.
8. The Answer: Follow 3 Steps to Create a Secure Enterprise Operations Strategy Backed by a Solid Execution Model
• Target security spending for the biggest impact
• Redouble efforts to secure mission-critical assets
• Address organizational and cultural issues
9. Step 1 for Waging Modern Cyber Warfare: Target Security Spending for the Biggest Impact
• 64% will increase investments in 2017 for protecting against known security threats
• 68% plan to enhance incident response capabilities in the next year
• 43% say investments in IT patch and automation had best ROI
The Result: Organizations mitigate damages from today’s biggest risks
10. Step 2 for Waging Modern Cyber Warfare: Redouble Efforts to Secure Mission-Critical Assets
• 47% will devote more personnel and technology to ensure the enterprise is never breached
• 45% will combine security and operations personnel into teams dedicated to specific mission-critical applications
The Result: Organizations optimize security activities for their most valuable resources
11. Step 3 for Waging Modern Cyber Warfare: Address Organizational and Cultural Issues
• 72% agree that line-of-business managers must take a greater role in developing security strategies
• 52% say operations accountability for breaches will increase
The Result: A culture of security permeates the organization to more effectively fight cybercrime
12. The Benefits of a Modern Cybersecurity Strategy Are Undeniable
• Safeguards enterprises at a time of change
• Targets investments for biggest benefits
• Stays current with latest exploits and cyber-thieves
• Increased market share, sales, and customer satisfaction
13. Re-engineering Security Playbooks in the Age of Digital Transformation: Key Takeaways
• 69% say digital transformation is forcing changes to cybersecurity strategies
• 82% say security investments will rise in 2017
• 64% will boost spending to protect against known threats
• 68% plan to enhance incident response capabilities
• 60% expanded vulnerability discovery and remediation to fend off hackers
14. Additional Resources
• Learn more about today’s biggest cybersecurity threats and the new security model that can fill the gaps
• Read the full report, “Enterprises Re-engineer Security in the Age of Digital Transformation”
Editor's notes
On January 11th BMC announced its second annual security survey done in partnership with Forbes Insights.
Forbes Insights is the strategic research and thought leadership practice of Forbes Media, a global media, branding and technology company whose combined platforms reach nearly 75 million business decision makers worldwide on a monthly basis. By leveraging proprietary databases of senior-level executives in the Forbes community, Forbes Insights conducts research on a wide range of topics to position brands as thought leaders and drive stakeholder engagement. Research findings are delivered through a variety of digital, print and live executions, and amplified across Forbes’ social and media platforms.
Details of the survey methodology include:
• Surveyed over 300 executives across North America and Europe
• 66% CIO/CTO/CISO/CSO
• 34% VP/SVP of Tech of InfoSec
• All companies had at least $100M in revenue, and 50% had revenue >= $1B
• Interviewed industry experts, analysts, and customers:
• Cameron Brown, former Forensic Specialist with the United Nations
• Scott Crowder, CIO, BMC
• Paul Lewis, CTO, Hitachi Data Systems
• Betty Elliott, Head of InfoSec and CISO, Moneygram International
• Michael Matthews, CIO, Deluxe Corp.
• Sean Pike, Program Vice President, Security, IDC
The purpose of this presentation is to review some of the key highlights of the report.
So why should anyone be looking at their security strategy? What events have occurred that have caused the current methods or practices to be out of date?
69% said that digital transformation initiatives have caused them to reconsider their security strategy.
Many have pursued a digital strategy as they respond to newer and more nimble digital competitors – organizations that were built from the start considering the needs and demands of an online or digital business. As customers with vast legacy infrastructures try to match them step for step they frequently run into challenges.
A digital transformation strategy is the way many are trying to solidify or grow their market share – possibly in new countries around the globe which also creates new security and compliance headaches.
Lastly – the constant demand from an increasingly technology-led customer base. People demand convenience and speed and quality. Switching costs for many products and services are at an all-time low, so in order to achieve any level of loyalty a key component of the strategy must be to be constantly evolving the offerings.
How has digital transformation impacted you?
How has digital transformation changed the technology landscape?
Cloud, cloud, and more cloud. 65% listed the usage of public clouds as one of their biggest security concerns, with Hybrid clouds picking up 60%. Big Data and Mobile apps also ranked high and have a clear and direct dependence on cloud capabilities.
One of the easiest ways to get code out quickly is to leverage cloud resources, but with that speed comes a price and for many security has paid it. Cloud can expand the attack surface exponentially as entry points are created. Many organizations are struggling to understand the implications of their cloud usage on security as they try to map out where data is going and how to protect it, and how not to leave doors open to attackers.
What are your biggest concerns?
We asked organizations what they were most concerned about protecting. The results were a little surprising.
The two of greatest concern were theft of corporate financial information, and the release of customer sensitive information – these beat out brand damage and IP by over 10 percentage points each.
What are you most concerned about?
The challenge facing every organization is to act now, or to suffer the consequences at the hands of hackers. They ARE investing in their skills and abilities. They are taking advantage of open source tools, they are organizing together in syndicates. This is no longer a hobby, it's an all-out attack. Failure to act may have devastating consequences.
Link - http://www.cio.com/article/3150231/security/top-15-security-predictions-for-2017.html
Article discusses the top security predictions and stresses importance of acting now and the organization of hackers
What are your plans?
“Do you devote money to maintaining the old environment and preventing security problems that might happen or do you invest in technology that could be a game changer for the business unit?”
-- Scott Crowder, CIO, BMC
82% said they plan to invest more in security in the upcoming year. Like all business decisions, you need to make your case, and it's hard to make a case on “this could happen” scenarios. In the next few slides we elaborate on how you can place your investments in the areas with strong hard savings that will help win over budget.
So how do you start?
BMC can help customers in a myriad of ways. One of the biggest first steps is to sit down and figure out where the biggest areas of opportunity are and then build a plan to address those.
Target security spending for the biggest impact – make sure those dollars are working
Redouble efforts to secure mission-critical assets – by their nature these are more complex and more brain power is needed to work on them. Free those resources up by making strong investments in item 1.
Address organizational and cultural issues – money can’t fix everything. Some of it comes from the tone and tenor of the organization.
Let’s walk through these steps and see which are of most interest to you to dig deeper.
A great strategy is about balance. In security it's about balancing the known with the unknown. Or mastering the known so resources are freed up to deal with the unknown.
64% will increase investments to protect against known threats. This includes things like patching and remediation of known vulnerabilities – 43% said the investments in IT patch and automation had the highest ROI of all their security investments.
60% said that better vulnerability id and remediation was the best way to make themselves less attractive targets for hackers
Mastering the known is one stream of activities – and with strategic investments in automation to remove manual processes, it can free up already taxed resources to work on the unknown.
As such - 68% will invest in incident response capabilities for the next year.
What are your plans?
43% say investments in IT and patch-automation systems delivered the best ROI in 2016
Take care of the mission-critical assets. In many organizations the systems that are least up to date on patching are those with mission-critical applications. This is largely because people are most afraid to touch these. The most frightening piece of that equation is that these are likely also the biggest targets with the most sensitive data. So what do we do?
47% of organizations plan to devote more personnel to these efforts, and 45% plan to combine the security and operations teams dedicated to these specific mission-critical applications. It is likely you will also see the line of business manager thrown into this mix as 72% believe the LOB owner should also take a greater role in security as they have the most intimate knowledge of the application.
What these stats tell me is that there really isn’t a great plan at the moment, but the initial salvo will be to throw some more bodies at it to get to a reasonable conclusion. We expect to explore this conversation more with our customers over the coming months and with the next set of research. Likely topics to come up will be – how best to prioritize changes, how to make sure we don’t suffer from alert fatigue, how do we use the data we have in a meaningful way, what are the best testing strategies?
A key question will be – are you able to dedicate the resources to this to figure it out? That’s what makes step 1 so critical.
54% will develop a corporate culture that makes everyone in the company responsible for security
Simply changing org charts or throwing teams together – by itself rarely has any kind of meaningful or lasting impact. In order for security to be a priority, it needs to be seen that the executives and leaders are making it a priority, and that focus is inherent to everything from day to day interactions to performance metrics.
As mentioned previously 72% believe line of business managers need to take a greater role in developing security strategies – they need to be AWARE of the security posture and they need to be designing with security in mind. They need to be part of the process of keeping their applications up to date and not the source of “no, you can’t touch that”.
Interestingly the operations team is poised to take a bigger role in security, with 52% saying that accountability for breaches will increase over the next 12 months. 47% said that operations will all have increased accountability for ensuring that known remediations are applied within established service level agreements.
This increased level of scrutiny in performance metrics will be a potentially unwelcome change for many as they do not have a clear way to measure – do you have a way to measure performance against SLAs for patching/remediation? What does it take to do it?
Are you ready to improve your cybersecurity strategy?
What areas have interested you the most?