You could say that 2015 was the year cyber-crime became mainstream. We saw companies from all over the world, including the likes of TalkTalk, JP Morgan Chase and Ashley Madison, come under scrutiny as their breaches became global news. Cyber-crime is repeatedly on the news agenda because it is pervasive and growing in complexity and persistence. Breaches are not only detrimental to business; major brands also run the risk of reputational damage due to the inconvenience and the exposure their customers are subjected to.
As a result, 2016 is the year when the priority will be to shift tactics to combat the increasing number of hackers by abandoning outdated security strategies to protect intellectual property and other assets. But how can this be achieved?
Of course, as with all change, the first step is for more security leaders to admit that their current processes are falling short, and to look at new strategies and methods which have a more realistic chance of protecting the organisation. These failings are no fault of the security teams and technology of old, but rather a recognition that businesses function differently these days, and therefore require a different approach to securing them.
This isn't a new theory by any means, and is something which many experts have been stating for a while. However, despite the obvious 'clean slate' advantages of starting afresh with security solutions, there will still be a large section of CISOs who are unwilling to let go of their sunk costs and look forward. To succeed they will need to abandon the old ways of securing the enterprise – with bigger walls and more event tracking – and adopt the new micro strategy, which takes advantage of network virtualization and IPsec to isolate the underlying infrastructure in a much more granular and controlled way.
Einstein said it best when he said, “Insanity is doing the same thing over and over again and expecting different results.” Simply put, more IT leaders in government and commercial enterprises need to realise that investing more in yesterday's ineffective technologies will not yield any different results this year.
Year of the micro
The answer to this is micro-segmentation, as it allows enterprise managers to quickly and easily divide physical networks into thousands of logical micro segments, without the historic security management overhead. This approach gives control back to the enterprise networks, without them having to deal with the firewall rules and outdated applications, all the while embracing remote users, cloud-based services and third parties that have all become targets for attack in today's world.
This new micro-segmentation model will start giving the good guys the advantage in the fight against cyber-attacks. With new containment strategies, organisations will have the ability to work at the Internet Protocol (IP) packet level, which makes it easier to apply anywhere a company's data goes - from data centers to public clouds, from employees on the move to suppliers around the world. Micro-segmentation is driven by existing identity management systems, so it is simple to establish communities of interest for authorised users across all of these technologies. It is one of the ways in which CISOs can ensure that their organisations stay ahead of the pack and in the strongest position possible when it comes to security.
It is clear that the impact of the major breaches of 2015, which have been reported as having an average cost of £107 for each lost or stolen corporate record, ensured that security is no longer just a technology issue. Instead, it is now seen as a business issue that requires prioritisation from the top down. We will see the security function evolve to no longer report solely to the CIO.
Boards will start to care, take real action and make cyber-security expertise a requirement across the C-suite. Security is now a top agenda point in the boardroom as business reputations are once again at risk. Organisations will no longer be allowed to take the position of standing by and watching cyber-attacks unfold – they will finally have the power to react rather than prevent. As a result, proactivity will be the key word for 2016, with micro-segmentation being a major player and a step in the right direction for innovative organisations that are serious about security.
Article by Tom Patterson, Unisys vice president of global security