Thursday, November 10, 2011

Deloitte: Cyber Intelligence - Tech Trends 2011

In 2010, security and privacy graduated from IT department concerns. C-suites and boardrooms took notice of highly visible incidents, ranging from malware-infected motherboards from top-tier PC manufacturers, to information theft from a leading cloud provider, to the manipulation of the underlying routing tables of the internet redirecting traffic to Chinese networks. At the same time, the regulatory environment around sensitive data protection has become more rigorous, diverse and complex. Organizations are aware of the shifting threat profile and are working to deal with technical barriers as well as sophisticated criminal elements. Incidents are increasingly originating in the trust vector – due to inadvertent employee behavior via the sites they visit, the posts they access on social media sites or even the devices they bring with them to the workplace. A “protect-the-perimeter and respond-when-attacked” mentality is no longer sufficient.

Yet the vast majority of businesses in 2011 have only limited capabilities to detect and react to point-in-time breaches. Vulnerabilities are understood based on past events – not based on emerging cyber threats or on the actual risk profile of the organization.

Cyber intelligence represents a vastly more sophisticated and full set of threat management tactics, providing tools to move to a more proactive "over the horizon" threat awareness posture. Cyber analytics looks to detect patterns across systems, networks, physical security logs and external cyber-threat intelligence analysis to predict future attacks. Cyber forensics is moving beyond root-cause analysis to include tracking of where attacks came from and detailed tracing of what they were doing after the infiltration. Cyber logistics adopts an outside-in view of security, protecting against compromises in the value chain – from upstream suppliers to personnel sourcing. Powerful tools can allow advanced incident response, triaging “how” and “from where” attacks originated. And cyber security remains a key component – creating identity, access and control frameworks to safeguard assets, while embedding enforcement policies and procedures throughout the organization.

In 2011, security incidents remain nearly unavoidable. By building cyber intelligence capabilities, the impact of incidents can be contained, the source of threats understood and learnings codified into controls that can help prevent future incidents. But beyond developing broader disciplines, organizations must embrace security and privacy as foundational to their business. Cyber intelligence efforts need to be championed by the C-suite, funded as a strategic priority and empowered to become part of the operational genome of the company.
