In continuation of our series on the Logicalis Global CIO study, Ricky Magalhaes, Head of Offshore Security at Logicalis Jersey, explains why security concerns are top of mind for over six in 10 CIOs worldwide.
Towards the end of 2016, the UK’s Chancellor of the Exchequer, Philip Hammond, announced that the government would invest £1.9bn to make “Britain a safe place to do digital business”. He observed that, without trust in the internet and the infrastructure on which it relies “the whole digital edifice will fall away”. He’s not alone; the US Department of Defense’s (DoD’s) cyber security capabilities are being questioned and China is introducing new cyber security laws.
This is certainly a top of mind issue for CIOs too, according to our CIO survey. In an every changing and increasingly sophisticated threat landscape, security is the number one issue for 61% of CIOs.
Understandably so, and CIOs face a daunting task. Most of them are taking their organisations in brand new directions. In many cases, change is positive and trial and error is healthy – you can learn from mistakes. But a cyberattack is not the sort of lesson a company wants to learn from.
Consider having to jump in the car to make a lengthy journey. The journey might be a necessity but your safe arrival depends upon certain conditions – primarily enough petrol in the car, a working satnav, good road conditions and a healthy state of mind. Throw in a few road bandits and joy riders along the way and the threat levels will flash from amber to red.
Well, CIOs brave new journeys every day. Most have moved at least some of their company’s workloads to the cloud and while the business case for doing so is widely understood, security remains a concern. Indeed, more than three quarters (78%) of CIOs worldwide cite security as the number one challenge associated with increased cloud usage.
The perfect security storm
As the CIO study notes, the conditions for cyberattack are ripe.
The combination of the IoT, distributed IT and the increased pervasion of apps into the very core of the business, along with an ever-evolving threat landscape – represent a perfect security storm.
Like the cloud, the IoT phenomenon is exciting and terrifying in equal measure. IHS forecasts that the IoT market will grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025. That’s progress but connected devices also represent a glut of access points for nefarious individuals to take advantage of. And the threat is not simply theoretical, as exemplified by recent stories in the press, of insecure IoT devices being marshalled into colossal botnets and used to launch distributed denial-of-service attacks on important websites.
CIOs need to face their fear
To some extent risk is just part of life. People fly in aeroplanes even though reports of plane crashes punctuate the news; people ski down icy mountains, even though ski accidents are common.
You can’t limit your opportunities out of fear, nor can you ignore the risks and live recklessly. But you can assess your exposure to risk and take the necessary precautions.
We recently learnt that an unidentified criminal gang launched a distributed DDoS attack on multiple high street institutions – Lloyds Group was badly affected. Customers couldn’t access their digital banking services for more than two days.
The Lloyds attack suggests that while the bank has gone to great lengths to protect customer accounts, it neglected its traditional infrastructure – the very systems it uses to enable customers to access their accounts.
But as more customers turn to digital services and that perfect security storm gathers, its not just banks that will need to take a more comprehensive approach to security.
Make no mistake. For organisations of all shapes and sizes, security-as-a-topping is not sufficient. Baking security into the very fabric of the organisation is the only way CIOs can truly banish the triple threat of IoT, apps and distributed IT – to weather the perfect storm.