Network security breaches have become more time consuming for companies to combat as networks have grown more complex. Security vendors have, in turn, relied more heavily on technology to enhance solutions and services in conjunction with rising risk levels.
Despite these efforts and multiple competitive offerings available in the marketplace, cyber attacks largely continue unabated. Across the Asia Pacific region, companies are dealing with the effects of attacks. The latest research from Microsoft and Frost & Sullivan identified that more than half of organizations in surveyed in countries including Hong Kong, Singapore and Korea had certainly experienced a cybersecurity incident or were unsure because they had not executed proper forensics or a data breach assessment. In light of these challenges, the task of protecting corporate networks can appear daunting for IT executives. Does the industry have the answers to this seemingly endless cat and mouse game?
IT roles are evolving but are professionals keeping up?
With the rapid evolution of technology, companies have been challenged to fill roles related to the cloud, data analysis and networking with skilled professionals. The security profession is no different, as this talent crunch affects the entire global industry. In Hong Kong, talent experts predict that the country’s high skilled labour deficit will deteriorate at a rate of 11 percent annually from 263,000 in 2020 to 746,000 in 2030.
Digitalisation is a strategic priority for a majority of forward-thinking companies, but so their employees must keep their skills updated to match the pace of change.
Traditional IT workers have also taken on new roles, as security responsibilities rise higher on their checklists. In modern IT organisations, the reality is that all professionals need to be aligned with the digital journeys businesses are taking. This requires working across the organisation to help deliver desired business outcomes, while reducing risk. It is not about perfect security but setting a risk profile for the business based on its appetite for risk, industry sector and the types of threats it faces.
Vulnerabilities are growing in systems and network infrastructure
IT leaders and security industry professionals must come to terms with the fact that systems and network infrastructure vulnerabilities are continuing to increase and act on it. Across security applications, endpoints and network infrastructure there will always be vulnerability but what is important is the actions we take as an industry to combat them. That means considering what is exploitable, what is realistic and the various ways the business can be impacted by a security breach. Answering these questions will help IT leaders determine where the department’s time and money should be invested.
This is a vastly different approach than what was historically practiced in IT. Before, security was predicated on a situation where only on-premise hardware had to be considered in the security sense. Now, much of an organisation’s critical assets and data are scattered across various cloud providers in several countries.
The IT security focus of the future: identity and data
In light of this new reality, two areas of security are going to become the cornerstone of successful IT security strategies going forward. The first is identity, or the management of who has access, what they have access to (and when) and how that access is managed. Second is the data itself. That includes managing where it is located, who has access and determining what is most valuable. Modern companies on the road to digital transformation must protect the most valuable of its data at all costs to maintain trust, grow revenue and support on-going operations.
The key to both security strategies is privileged access, or the special permissions humans, applications or machines need to manage and control critical assets. In nearly every breach, privileged access is compromised in order to assume identities and access data. It is critical to manage and protect privileged access wherever high value identities and data reside – whether that is on-premise or in the cloud.
Written by Jeffrey Kok, VP, Solution Engineers, Asia Pacific and Japan, CyberArk