Adapting cyberdefense to the threat
When it comes to data security, cybersecurity, network security — just about any kind of corporate information security — many enterprises can do far more to address the risks that their organizations face. Though most have invested substantially in IT security, they are still not taking full advantage of the maturing tools and services available to help blunt today's attacks and plug the many entry points that skilled attackers can now exploit.
Compliance has become a comfort zone. Meanwhile, IT attack surfaces keep widening across more devices, more systems, more people, more partners, and broader infrastructure. Cloud and mobility have created new places for hackers to probe. Targeted forms of cybercrime are raising threat levels. And legacy systems that were never designed for a connected world have been brought online, opening up further weak points.
Today, IT leaders need to stay alert for the next round of security advancements. Some of the focus is shifting from studying your systems to studying the people using them. In parallel, there is
intense activity going into "active defense" systems that actually engage the enemy with the objectives of making it more difficult, more expensive, and less profitable for hackers to do their work. The systems being developed range from technologies that signal to the intruder that he is being tracked to others that deceive him with electronic "pollution" — cyber smokescreens, if you like.
Emerging active-defense technologies help companies know their enemy, and prevent enemies from knowing you. The security burden is not IT's alone. The risks incurred are business risks — to protect the digital business, business leaders must get involved in IT security too.