Cyberspace presents an incredible amount of opportunity for today’s organisations. Connectivity, innovation, productivity and collaboration are just some of the benefits on offer. However, cyberspace presents equally significant risks. Those risks can have huge impact and visibility; it seems that a week cannot go by without another cyber incident being splashed across internet feeds, newspapers and websites. This visibility means that cyber risks have the attention of the executive management of every organisation.
Cyber risks include targeted attacks, advanced persistent threats, data loss, denial-of-service attacks, hackitivism, negligent and malicious insiders, reputational damage, cyber espionage and nation state threats. In 2011, Symantec blocked over 5.5 billion malware attacks, an 81% increase over the previous year, witnessed a 36% increased in web based attacks and an increased focus and intensity of advanced persistent malware. Furthermore, Symantec observed a significant increase and diversification in targeted attacks with a large number of attacks focused on non public sector organisations and over 50% of attacks being directed towards non executive roles.
These cyber risks are not a new phenomena but a rapid evolution in the ever changing threat landscape. Ubiquitous (or hyper) connectivity, exploding data volumes, rapidly evolving IT platforms have driven a new realm of complexity and a resultant mutating threascape to which few organisations are enabled to address.
To be protected in today’s world, organisations must move from a position of organisationally bound information security to proactive cyber resilience introducing new concepts into traditional information security practices such as enhanced threat intelligence gathering and correlation, enabled cyber protection agility and co-operation in cyber security partnering ecosystems.
To become proactively cyber resilient, it takes a new appreciation of the volatile threat landscape, a desire to modify existing security practices and the knowledge that it cannot be done alone.