Despite increasing concerns about the safeguarding of vital corporate and client information databases and a global drive towards stronger regulation regarding privacy, the vast majority of businesses have only limited capabilities in place to detect and react to point-in-time breaches.
Mark White, US Consulting Chief Technology Officer (CTO) at Deloitte, who is in South Africa for the first time to address local audiences on the ‘Technology Trends of 2011 – The natural convergence of business and IT’, presented his key findings this morning at a function held at the Deloitte corporate offices in Johannesburg.
“Chief IT officers today need to be more than just stewards of the business and strategists. They have to be aware of the potentially disruptive capabilities of cloud, social computing and mobility that are changing the world of business and transforming how business is done,” says White.
Amongst the major concerns of CIOs should also be the fact that most vulnerabilities facing corporates are assessed and acted upon according to past events.
“They are not based on emerging cyber threats or on the actual risk profile of organisations. Protecting vital information assets demands a ‘cyber approach’ that covers a full spectrum of functional issues. A ‘protect the perimeter and respond when attacked’ mentality is no longer sufficient.
“Cyber intelligence today represents a vastly more sophisticated and full set of threat management tactics. They take the vital step of providing tools to move to a more proactive threat awareness posture that looks beyond existing corporate horizons,” says White, adding that cyber intelligence, for full effectiveness, should be considered over four areas in 2011 and into the future, namely:
Cyber security, where the emphasis must move away from perimeter intrusion and protection, identity and access management solutions, manual technology solutions and the traditional role of the Chief Information Security Officer as a technologist with deep domain knowledge, but without a seat in the boardroom.
“Cyber security is now increasingly framed as a combination of architecture, practices and processes, with equal focus demanded on internal and external threats.
“Highly integrated tool sets and investments in cyber analytics have helped identify previously undetectable exposures. Automatic identity management tools are incorporated into day-to-day tasks, including smart cards, biometrics, and fingerprint and handprint scanners. As befits the changing demands of the environment, the role of the CSO has also changed, demanding a blend of technology and leadership skills,” says White.
Cyber forensics, previously based on the premise that incident investigations would conclude once the root cause had been determined and cleaned up, with self-contained analysis rarely used to augment existing controls or update policies, has also moved on, extending beyond the host to the network layer.
“Cyber forensics is now looking at the network layer and determining the source of malware. This is correlated with other internal and known external threats using cyber analytics in an attempt to inform of future vulnerabilities,” says White.
In cyber analytics, the previous challenges were a reactive approach based on situational awareness and descriptive analyses, and an understanding of the value of business analytics. The discipline has moved to a position where it is now predictive, prescriptive and part of a closed-loop cycle of continuous refinement based on other cyber intelligence activities.
“Cyber analytics in 2011 is an established tradecraft of analytics, reinforced by the realisation that threats and opportunities are often hidden in plain sight,” says White.
Cyber logistics prior to 2011 was typically limited to deal signings and cursory annual audits, says White, and was notable for manufacturing's reliance on ever-changing sub-contractors and small hardware providers, each with their own risk profiles, which created potential weaknesses upstream in the supply chain.
Personnel checks occurred only during hiring or contracting processes, with clearance processes mainly handled by largely unknown third parties.
“Cyber logistics in 2011 has moved to include extensive analysis to identify, assess and mitigate risk posed by vendors subject to foreign ownership, control or influence or other significant concerns prior to purchases being made or contracts being entered into.
“Continuous auditing of suppliers, including organisation structures, corporate activity and on-going verification of the integrity of goods is at the forefront of concerns.
“Finally, cyber intelligence strategies are in place that include provisions for personnel security, and automated reinvestigation of executives and privileged roles,” he concludes.