Security Trends 2015: CISO Needs To Think Differently

by CXOtoday News Desk    Dec 12, 2014

cyber threats

With cyber attacks getting more sophisticated by the day, security will continue to remain a major concern for enterprises in 2015. As adoption of cloud and mobility is on the rise, data security gets significant focus, as threats and risks are high.

According to IBM’s third annual 2014 Chief Information Security Officer (CISO) study, more than 80 percent of security leaders believe the challenge posed by external threats is on the rise, while 60 percent already agree their organizations are outgunned in the cyber war.

However, technology remains critical component in addressing threats.

Even a Trend Micro report warned that targeted attacks are on the rise and they will continue to multiply in 2015.

As per IBM, sophisticated external threats were identified by 40 percent of security leaders as their top challenge with regulations coming in a distant second at just under 15 percent.

As enterprise leaders continue to outline business priorities, external threats will require the most organizational effort over the next three to five years – as much as regulations, new technologies, and internal threats combined.

So, how can chief security officers deal with it?

“The challenges faced by CISOs and their teams are expanding every day with new evolved threats and regulations outpacing their ability to innovate,” said Vaidyanathan R Iyer, Leader, IBM Security Solutions, IBM India Pvt Ltd.

“CISOs need to use their growing influence within the organization to help teams evolve their security posture, bringing in powerful new software and services that leverage data analytics and cloud security to fight today’s sophisticated attacks, no matter where they occur.”

IT budgets are high, but what is fundamental is to know where to invest.

“Securing the enterprise has taken on a whole new meaning and requires a new set of information technology tools. CISO will have to navigate the changing landscape and make the most strategic business decisions on IT investments today,” says Chris Christiansen, Program Vice President, Security Products and Services at IDC.

Emphasizing on new technologies like IoT, wearable computing and cognitive technologies, Symantec’s APJ security predictions for 2015 stated that attacks on the Internet of Things (IoT) will focus on smart home automation. As the horizon of technology expands, the role of CISO in an enterprise too needs to evolve.

Gartner says over 20 percent of enterprises will heavily invest in security for business initiatives using IoT devices by 2017.

Although the projected number is far less, “the power of an Internet of Things device to change the state of environments and of itself will cause CISOs to redefine the scope of their security efforts beyond present responsibilities,” says Earl Perkins, research vice president at Gartner.

Currently, there is no guide to secure IoT. ““However, it is possible for CISOs to establish an interim planning strategy, one that takes advantage of the ‘bottom up’ approach available today for securing the IoT,” says Perkins.

Apart from security and risk management, the CISO should also essentially have insights into business practices to create an effective information security setup. “The growth of BYOD strategies, cloud deployments and social media has changed the scope of information security and it will continue to transform the CISO’s role in business in the coming months,” says Christiansen.