By Paul Williams, country manager – Southern Africa at Fortinet
As organisations embark on their digital transformation journeys, they are seeking to tap new business opportunities, improve operational efficiencies, and deliver better services to customers. Digital transformation is driving businesses to embrace the cloud, the Internet of Things (IoT), big data, and other digital initiatives in ever-expanding waves, forcing them to reinvent and automate everything from decision making to customer service.
With these opportunities come new cybersecurity challenges. The threat is real. Gartner predicts that 60% of digital businesses will suffer major service failures due to the inability of security teams to manage digital risk. Part of the problem revolves around the fact that security isn’t seen as a critical business problem by senior executives and board members alike.
Cybersecurity, Still Not a Board-level Focus
This issue is emphasised in our Global Enterprise Security Survey. Surveying over 1,800 IT decision makers, Fortinet found that almost half of respondents believe that security is still not a top priority discussion for the board. At the same time, they also strongly contend that cybersecurity should become a top management priority, with 77% of respondents indicating that the board needs to put IT security under greater scrutiny.
One would assume there would have been a substantial uptick in interest by boards as a result of some of the most recent security attacks—and the dire implications they had on the targeted businesses. However, even though boards do react when security attacks occur, their actions are generally reactive rather than prescriptive. Specifically, boards appear more involved in post-breach management than prevention. For example, 77% of boards demand to know what happened after a security event occurs, and 67% review or increase security budgets. Security leaders obviously still have much work to do in up-leveling security to the board level.
No organisation is immune from the threat of breaches, ransomware attacks, or operational disruptions. Companies of all sizes and shapes as well as all industry segments are targets. Findings from the Fortinet IT decision maker survey provides corroboration. 85% of respondents suffered a security breach in the past two years, with almost half reporting a malware or ransomware attack.
Why Cybersecurity Is Becoming a Board Priority
There are a number of factors driving boards, executives, and IT decision makers to make cybersecurity a top priority in 2018. Let’s take a look at a few of the more significant ones.
- Security Breaches and Global Attacks. The vast majority of organisations have experienced some type of security breach or attack in the past two years. 49% of survey respondents said their organisations increased their focus on security following a global attack such as WannaCry. Increased publicity and attention, along with implications on brand reputation and business operations makes these board-level issues rather than IT operational undertakings.
- Attack Surface. The adoption of the cloud, emergence of IoT, and growth in big data expands both the circumference of the attack surface as well as its complexity. 74% of survey respondents indicate cloud security is a growing priority for their organisations. Half say their organisations plan cloud security investments over the next 12 months. IoT is just as big a factor when it comes to the ever-expanding attack surface. The number of connected IoT devices is predicted to balloon to more than 8.4 billion by yearend according to Gartner. Of these, 3.1 billion belong to businesses. As many IoT devices are difficult to protect, experts concurrently predict that more than 25% of all security attacks will target IoT devices by 2020.
- Regulatory Compliance. New government and industry regulations are also increasing the importance of security. 34% of respondents indicated that these regulations heighten the awareness of security at the board level. Passage of the General Data Protection Regulation in the EU, which goes into effect in 2018, is one such example.
These trends are forcing cybersecurity to be seen as a strategic issue, within an organisation’s broader risk management strategy, rather than a simple IT investment. To succeed in their digital transformation efforts, IT security leaders must rethink their cybersecurity approach with a view to extending visibility across the attack surface, shortening the window between time to detection and mitigation, delivering robust performance, and automating security intelligence and management.