July 14, 2016

Risky Business: Protection is the New Prevention

By Andreas Wuchner, Chief Technology Officer, Security Innovation, Enterprise Services

Protection is about understanding the business impact.

The key focus in every IT security strategy has always been prevention. Yet the reality today is that preventing attacks is an illusion. So it follows that Gartner is calling out protection as one of four IT megatrends, and I agree. Enterprises need to know what threats are out there and how to prepare. Protection is about understanding the business impact, and that’s where the conversation should start.

Detect and Respond

Enterprises can’t control everything or prevent every attack. Instead, leaders need to recognize their threshold for tolerance and have the proper technology in place for strong detection and response. Every breach offers a window into what to anticipate. Financial services institutions, consumer goods companies, and healthcare entities have greater exposure than other industries. By knowing what the risks are, leaders can prepare and plan.

Executive Considerations

To protect the enterprise:

  1. Accept that cyber risk is not going away. The more leaders integrate the topic of cyber risk into standard risk behaviors, the better the outcome will be.
  2. Understand the risk acceptance threshold. Enterprises can unwisely spend money on technology if they don’t have a partner who can explain the potential business impact. Perspective is key.
  3. Make security a constant agenda item. Protecting the enterprise should be a permanent agenda item and not an afterthought. Lock down a plan for responding to threats and risks. Who is informing the regulatory agencies? Who will be communicating with outside partners? These things should be decided, documented, and tested before an incident takes place.
  4. Know who the trusted partners are. If the enterprise does not have the capabilities in-house, leaders need to know who to call. If your house is on fire, you call the fire department. Who’s on your speed dial for a cybersecurity breach?

This is not the time to sit still. While prevention might be a thing of the past, cyber risks and threats continue to multiply and increase in sophistication. Understanding the attack environment is integral to making the necessary business decisions that put the right technology measures in place.

Watch Gartner analyst Tom Bittman explain the protection megatrend here and here, and see the complete series of videos and articles on Gartner megatrends.