Security challenges CIOs face in digital era & things to note


Relying on digital technology to run a business successfully is critical for organisations in the digital era. The growing use of digital technologies such as the Internet of Things (IoT) has made security more complex, creating new challenges for CIOs.

If the internet was the revolutionary technology of yesteryear, the present and future belong to IoT. IT market research agency IDC predicts that global IoT spending (hardware, software, services, and connectivity) would reach $1.29 trillion during 2015-2020.

At the same time, a recent report from cyber security firm McAfee showed that 2.5 million IoT devices were infected by the Mirai botnet malware in Q4 2016.

Therefore, security and risk management leaders now need to develop resilient security programs based on digital trust.

What are the biggest challenges security and risk management leaders face today? According to Tom Scholtz, vice president and Gartner Fellow, chief information security officers (CISOs) are tasked with strategic planning in a digital business environment where agile and bimodal are critical to success. They also need to acquire talent to manage the IoT and the integration of operational technology.

Some of the major IT industry players have already executed such strategies. For example, Cisco recently said it will train 250,000 students in India to become networking, security and IoT experts. IBM, on the other hand, plans to make an investment of $70 million for building digital, cloud and cognitive IT skills to support the workforce in Africa.

Scholtz further notes that security teams have to stay current and proactive. They need to be aware of new technologies and the vendor landscape to determine what to adopt into their security programs. They also need to understand the latest security threats because the threat landscape is evolving rapidly and becoming more complex.

To protect organisations from vulnerabilities, they are asked to follow the General Data Protection Regulation (GDPR), the new EU privacy and personal data protection law going into effect in 2018.

Risk and compliance leaders also need to evolve and shift their focus from compliance to managing risk effectively to protect the organization. They must make sure their organizations understand the risks and accountability associated with new technologies as they invest in digital business initiatives.

Meanwhile, business continuity management (BCM) leaders must continue building IT and business operations while facing threats that are more serious, as well as frequent disruptions. They have to protect against disruptions, but also plan for how their organizations will overcome them and minimize their impact.

Technologies with self-defence

The Gartner analyst says user and entity behavior analytics (UEBA) is important, as is understanding and institutionalizing adaptive security architecture.

In addition, Artificial Intelligence (AI) can deliver context-based situational intelligence to improve security decision making. Blockchain is transforming digital commerce and has potential value for security as a means of supporting more distributed trust.

New technologies create new risks

AI generates intellectual property that must be protected, like algorithms and institutionalized knowledge that defines what is normal for an organization’s systems.

Gartner says that the right hack could have catastrophic effects on an organization’s production system. AI opens the door to more subtle forms of disruption, too. For instance, a hacker may just make tweaks that do not bring an entire system down so that small failures go unnoticed.

Therefore, security teams have to stay current and proactive. They need to be aware of new technologies and the vendor landscape to determine what to adopt into their security programs.
