The days of securing your business by protecting its perimeter are gone. With the fast growth of cloud, mobility, social, BYOD and integrated supply chains plus the ongoing increase in threats it is no longer possible to rely on single methods of protection. Local organisations are under constant threat and a holistic approach needs to be adopted to identify security vulnerabilities and breaches. Both information security threats and breaches have evolved intensively and security practices have simply not kept pace. Consequently, 83% of New Zealanders have already experienced a cyber security breach. On a business level, Phoneme research has found that globally US$135 is the average cost per record lost and that there is now a 22% chance that your business will experience a security breach over the next 24 months.
What this means, is that all businesses, regardless of size or sector are vulnerable to all manner of security attacks, and there is a significant financial impact when it happens.
The following key points were observed at the conference:
- Breaches are a very real and constant threat to all New Zealand organisations, with 42% of breaches coming from malicious or criminal attacks ie; malware, criminal insiders, social engineering or SQL injections. A further 30% is due to human error via negligence & contractors. Whilst 29% are due to business process failures.
- Security now needs to be a key C-level role within organisations, it is no longer 'just an IT issue' but needs to be integral to business at every level. Without it, security threats, attacks and subsequent breaches can go beyond reputation damage but see businesses cease trading altogether. However, creating this new role needs full\ support across the organisation from a governance level to daily operations. A culture of security needs to be ingrained throughout organisations.
- Once a culture of security is embedded security intelligence can be utilised to sift through the volume of traffic and 'noise', identifying credible threats using analytics. In a proactive sense a classification system can be overlaid on your data, to ensure the data of highest value has the most protection. When security breaches occur, and they will, they can be identified promptly.