Why is Security So Important?
Article by Rishikesh Kamat
- Filed under:
- Managed Security Services
Increasing cost and complexity of technology, proliferation of cyber crime, stringent nature of compliance and ever increasing sophistication of advanced threats are all leading to security to become extremely important for organizations to sit up and take notice, explains Rishikesh Kamat, Netmagic Solutions
Before I get into security services and how it can help you improve your organizations security posture, it is important to understand what the general mindset of IT organizations when it comes to security.
While there is an ever-increasing threat landscape, there is still complacency when it comes to discussing security among some Indian companies. What I hear many a times is that ‘everything seems ok so why change things’ or ‘let us not fix something that is not broken’. It is difficult for IT executives to show the value of security investments, when the investments actually lead to a protection of attacks. Again, it is a case of “what is not seen is assumed to not exist” that leads to difficulties in driving down the importance of implementing security solutions. Such a mindset will only lead to financial, reputational and legal damage to a company
Changing Nature of Threats
If you go back 10 years, the main intent of attackers or intruders who ‘hack’ into a company’s network was to prove worthiness of the attacker himself. “See how cool I am” a student level enthusiasm if I may.
This slowly graduated and attacks became motivated by instant financial gains and for defaming a company or a brand by brining down the network. Today it is a full-fledged industry of professional hackers, malware developers, malware delivery channels, etc. complete with the physical leg of money mules who help realize the gains from fraudulent activities
Over the last few years, the threat agents have matured to include nation states and funded groups specifically targeting organizations or countries for either stealing intellectual property or to bring down critical infrastructure, thereby rendering a direct impact to the nation’s economy.
Even if an organization is not a direct target, Some of these threats can compromise a company’s network to use the infrastructure as a relay point to target other organizations. A classic DDOS attack is a classic example for this
Let us look at the key reasons organizations should consider for implementing security
- Data loss or Intellectual Property loss: I have vital information that needs to be protected
- I don’t want to be a relay for attacks on someone else
- I am a target because of the business I run – reason could be political, economic, competition, etc.
In the first case, organizations realize that something has been stolen after the event happens. From a purely commercial stand point this does the heaviest damage because the company loses not only information but also reputational loss, penalties, legal issues from regulatory or compliance, etc.
The second case is more of a productivity loss and issues pertaining to compliance and legal. For instance if 100 desktops in an organization is affected with malware, they can be used as a relay point for spreading this as well as steal vital information from the network. In India we lack the enforcement of regulations that penalizes companies that become relays with legal implications. But this is getting tougher and stringent and organizations are feeling the heat.
In the third case, there is clear financial gain for the attacker, loss to reputation for the organization and legal implications that rise from compliance and regulations.
Attacks today are no longer about showcasing technical prowess. It has become malicious, deliberate and persistent. It is time security managers to sit up and take notice of the underground industry that is flourishing and getting more sophisticated in nature. So “good enough” security posture is not really enough to address the volatile nature of security threats today. A second-rate, outdated security strategy will not only result in business loss but also ultimately bring down the business.
Proliferation of cyber crime, compliance and regulatory environment become more stringent, advanced and sophisticated nature of threats all have driven security to move up the value chain of importance within organizations to become mission-critical initiative that needs serious focus and investment.
Increasing cost and complexity of technology have made the task of creating a secured enterprise all the more tougher for organizations to manage on their own without huge investments.
But there is light at the end of the tunnel. Managed Security Services is fast growing as the choice for companies to opt for increasing their security posture without having to make those huge investments.
My next post will talk about the need for these experts to be a part of your business strategy and how they can help with various business parameters that will affect the growth of the business.