Of all the tools available in IT’s cybersecurity arsenal, perhaps a mirror would be a good investment.
After surveying 2,000 executives in 15 countries, Accenture concluded that corporate cybersecurity teams are missing a lot of the threats and breaches hitting their networks.
It’s not that they aren’t looking hard enough, says Accenture; it’s that they’re looking in the wrong place.
If that sounds harsh, let’s examine the evidence. According to the survey, only 65 per cent of breaches were discovered by internal security teams. The remaining 35 per cent (that’s more than one third) were detected by other employees, law enforcement officials or ‘white hat’ hacker types.
Is IT at least detecting these incidents in a timely, lickety-split fashion? Nope. Fifty-one per cent of respondents admitted it takes them months to detect successful breaches. Another 17 per cent said it takes them up to a year or longer.
Why is IT missing the boat on enterprise cybersecurity? Because, says Accenture, IT still looks outward far more often than it looks inward.
“They continue to prioritize external initiatives that produce the lowest return on investment,” the report suggests. “For example, 58 per cent prioritize heightened capabilities in perimeter-based controls against outsiders, instead of pivoting to address high-impact internal threats.”
Although external threats are a serious matter, there are problems with a perimeter-based approach that is too outward-looking.
First, the idea that you can try to keep out all or most threats has really become unrealistic and archaic in an era of mobile, wearables and the Internet of Things. With breaches, it’s not a question of if they will happen, but when.
Second, simply erecting a fence around your network assumes that the biggest, most damaging threats come from outside of your organization. Well, that may not hold water.
When the Ponemon Institute surveyed about 1,300 employees and 1,600 IT pros worldwide, 76 per cent said insiders are the most likely threat to their internal enterprise accounts.
“Loss or theft of data is up sharply, and the leading cause is insider negligence,” Ponemon researchers declared.
So Accenture wants IT teams to look more closely for internal risks and threats. As the saying goes, it’s way easier to deal with ‘the devil you know.’
“Instead of attempting to anticipate a seemingly infinite variety of external breach possibilities, organizations can concentrate on the relatively fewer internal incursions that have the greatest impact,” the Accenture researchers write.
In other words, maybe there’s greater ROI potential in casting the cybersecurity net into your own pond (a pond you already know and navigate every day) rather than just building a dam against an ocean of faceless threats.
In Accenture’s estimation, looking inward means limiting internal access to key data, monitoring for “unusual employee network activities” and regularly reviewing access logs and permissions.
Accenture also wants more training and education for non-IT staff: “(They) represent (the) first line of defence … and also play a critical role in detecting and potentially preventing breaches.”
As laid out in the study, self-reflection requires figuring out exactly what you want to protect (what are your most important business assets?), why you need to safeguard them (what would happen if they were breached?) and how to mitigate the damage (do you have a plan to react and recover if there’s an incident?).
Once you identify your top business priorities, you can prioritize how to protect them. That doesn’t mean ignoring external threats. But it does allow you to be more strategic when investing your organization’s time, money and people in cybersecurity.
If enterprises hold up a mirror to their own organizations, maybe they’ll see that objects like security risks really are closer than they appear.