C-SUITEPERSPECTIVESTrends in the CyberattackLandscape, Security Threatsand Business Impacts
Nikhil Taneja
Managing Director-India, SAARC & Middle East
C-suite executives understand thatto transform their businesses, they must embrace the integration of new technologies. Most rank improvement of information security and business efficiency as their main goals. Globally, executives indicate they are ready to embraceautomated processes as part of their security protocols. SECURING NETWORKS IS CRITICAL TO PROTECTING BRAND REPUTATIONS Executives are very concerned about the impact that security threats can have on business performance, pointing to the potential loss of customers, brand reputation and operational productivity. Many adjust budget priorities to better secure networks and prevent attacks. Events that most influence how executives view their companies’ security vulnerabilities include high-profile data breaches and nation-state attacks, cyberattacks on their organizations and governmental regulations.
RISK MANAGEMENT CALCULATIONS AFFECT SECURITY INVESTMENTS C-suite professionals actively monitor what’s happening with their networks. They face tough choices when deciding whereto invest resources to propel their businesses forward.Reported instances of ransom attacks jumped dramatically over the past two years. As the demand for security professionals outpaces the supply, executives are increasingly looking to carriers or ISP/CSPs to manage security.
NETWORK SECURITY CONCERNS VARY BY INDUSTRY The impacts of attacks on corporate networks can vary depending on the industry in which companies compete. Manufacturers that have long embraced automation as a means to boost efficiencies and production reported plans to integrate automation in security measures with a corresponding shift in their IT budgets. The finance/insurance industry continued its forward-thinking use of technology as a business enabler and reported plans to move operations to the cloud while continuing to focus on digital transformation. The retail/ wholesale industry is concentrating on managing the increasing complexity of the IT networks, digital transformation plans and the adoption of Internet of Things (IoT) as a means to better serve customers.
Securing the Digital Transformation Corporations are continually looking for ways to increase productivity and efficiency. Taking advantage of technology advances in their networks is a proven way to be more agile while reducing costs. Customers, employees, vendors and partners use mobile applications, chat bots, online portals, email and other tools to interact with brands daily. Every touch point adds a layer of complexity to the network that can introduce new, risky attack vulnerabilities.C-suite executives understand that, to transform their businesses, they must embrace the integration of new technologies while at the same time protect data privacy.
According to a survey conducted and responses sought from senior leaders from the Americas (AMER), Europe and the Middle East (EMEA) and Asia-Pacific (APAC): •70% AMER & EMEA executives and 80% of APAC executives are greatly concerned about data privacy •47%recognized that digital transformation activities place pressure on their organizations’ security planning and investment strategy •32% of AMER, 13% of EMEA & 18% of APAC executives rank new revenue sources as top 3 organizational goals •Most organizations host 25% to 50% of their business applications in the cloud •96% were “very” or “somewhat”concerned about network vulnerabilities •71%of executives reported shifting more of their network security budget into technologies that employ machine learning and automation •About 25% said that the focus of their budget sremained unchanged in this time period •Most Organzations worry about huge bandwidth cost by Public cloud providers due to DDOS attacks. •Globally, nearly four in10 executives trust automated systems more than humans to protect them against cyberattacks
A secure climate for customers Corporations’ networks are the lynchpin of interactions with customers who expect responsive applications, fast performance and above all, protection of their data.The foundation of the customer experience is a mix of trust and availability. Organizations’brands take a hit if either factor falters.C-suite executives are keenly aware of the effectof security threats on business.
Events that influence changes in organisations security: •61%- High-profile databreaches on peercompanies •59%Data breachor cyberattackwith ownorganization •48%Governmentalregulationslike GDPR, PCI,HIPAA, etc. •37%Change in C-suiteleadership
Balancing Investments and Risks As the threat of network attacks becomes a question of when, not if, organizations must carefully evaluate the risks associated with security vulnerabilities and the costs of implementing effective security solutions. At the same time, C-suite executives face tough choices when deciding where to invest resources to propel their businesses forward.
Even though the threat of network attacks hangs over their organizations,about 25% of executives do not have or are in theplanning stages of addressing key security concerns, such as performingsecurity assessments on new technology or working with educationalinstitutions to proactively recruit security specialists. Most executives across regions (65%–81%) feel that their internal security resources are sufficient to handle their security needs. Yet 66% believe that hackers could penetrate their networks. The internal skills gap is not easily solved because the demand for security professionals outpaces the supply. As a result, more executives need to look to outside security vendors for assistance.
C-SUITE VIEW OF CURRENT NETWORK THREATS, key findings: •66% had a hackerpenetrate their network •54% experienced a databreach from one ofits mobile applicationsin the last 18 months •57%had experienced a cyberattack in the last 12 months •50% were concerned about the security vulnerabilities created by use of multiple clouds
ImpactingVertical Industries The impacts of attacks on corporate networks canvary depending on the industry in which companiescompete. Security trends specific to the needs of some verticals:
Retail :In the retail sector, almost two-third organizations have a half of their businessapplications in the cloud and are concernedabout security vulnerabilities between cloudnetworks. A major cause of concern for the executive suite is the fact that almost 20 attacks have happened in the past year. Data breach withintheir own organization was the most influentialevent that affected their own security planning.This can be troubling because theyhave the most customer touchpoints on theirnetworks to enable e-commerce. Therefore this vertical definitely needs a security protections.
Manufacturing: Manufacturers have long embraced automationas a means to improve efficiencies and boostproduction. So it’s not surprising that they focus on managing the increasingcomplexity of their IT infrastructureswithplans to integrate automation (43%) to helpautomate security measures. To accomplishthis, about 75% of executives shared that they shifted moreof the IT budget into security automation. Also, most keep tabs on what’s happening in the marketplace, and two-thirdsreported that high-profile data breaches at peer companies were the most influential event that affected their own security planning.
Finance: Corporate networks are the lifeblood of financecompanies’ businesses, which is why thisvertical is likely to invest more in security toprotect its assets. For example, Deloitte5, whichsuffered a cyberattack in 2017, said that it plansto spend 580 million USD on security over thenext three years. These companies are especially awareof what’s happening at peer companies. About 86% reported that high-profiledata breaches at peer companies were themost influential event affecting their ownsecurity planning.
Looking forward, C-suite executives recognize the multiple pressureson their organizations to integrate new networktechnologies, transform their businesses and defendagainst cyberattacks, which are growing in frequencyand complexity.As more companies add a mix of multiple public and private cloud environments to their IT architecture, the introduction of new vulnerabilities puts corporate and customer data at risk.
The stakes are high. Security threats can seriously impact a company’s brand reputation, resulting in customer loss, reduced operational productivity and lawsuits, which reinforces that cybersecurity remains a priority in the minds of executives around the world.