The growing numbers of high profile hacks is forcing enterprises to focus more on security, particularly in the cloud and BYOD environment.
This is according to Perry Hutton, regional director: Africa at Fortinet, who adds that high profile cyber-attacks last year have dramatically underlined the losses companies face if they don’t effectively secure their networks and web sites.
“We are living in a world that is evolving to a digital age at unprecedented pace. South African CIOs need to give cyber security as much priority as they are giving this digital evolution. The threat landscape is following a dramatic upward curve in terms of sophistication and persistence. It is only a matter of time before we in South Africa experience a massive security blunder such as Ashley Maddison. Such a breach will undoubtedly cost the CIO his job, may end up costing many staff their jobs, and could even result in the demise of the company,” says Hutton.
“The cyber threat landscape today is more dangerous than ever before. Companies today cannot afford to make the wrong decision when it comes to security. And as the topic of security has become a boardroom discussion, Fortinet is at the forefront, providing the greatest levels of security in an unpredictable, dynamically changing world,” he says.
The challenges faced by CIOs today and their shifting roles
While the need for better information security is increasing in the face of a growing onslaught of cybercrime, CIOs are confronted with a growing need to control, or even reduce, costs. Hutton says this implies that they will have to invest in more intelligent solutions with higher levels of automation, and must focus their IT spend where it offers the greatest business benefits. As increasingly strategic decision makers within the enterprise, they also need to determine the potential losses to the business in the event of a security breach, and mitigate the risks appropriately.
Trends to watch
“In the information security field, CIOs are focusing on maximizing their budgets without compromising security. This is driving a move towards the next generation firewall, which does its job efficiently, while the cost justification is perfect,” says Hutton.
“Within networks, we can expect enterprises to look more closely at traffic filtering and move away from applying everything to everything. There is a great deal of internal traffic that requires only certain filtering functionality, so companies are becoming more prudent about how and where they inspect traffic.”
“BYOD is a driving wireless network use, with an associated increased need for user authentication solutions, and we expect authentication to enjoy more uptake in 2016,” he says.
Top security technology challenges
“There is a high level of risk coming from BYOD, and as Fortinet’s recent global and local surveys found, wireless networks supporting BYOD are not as secure as they should be,” Hutton says. “CIOs or CISOs are going to have to focus their attention on securing the wireless network more effectively.
Another information security challenge coming to the fore is the issue of HTTP Strict Transport Security (HSTS) encryption of applications and devices, Hutton says. In addition, Internet of Things (IoT) devices will proliferate, and CIOs and CISOs will have to ensure that the IoT environment is secured, he says.
“As cloud uptake increases, enterprises are also grappling with the cloud disconnect and business continuity. They are asking ‘How can we ensure staff and employee productivity if services in the cloud go down?’ They are also concerned about who will take responsibility for the security of these cloud services,” he says.
Primary strategies for CIOs going into 2016
From a security perspective, Hutton recommends that CIOs:
* Find cost-effective and best value for money solutions that will protect the users and or customer from the data centre to the end point. These security solutions must provide protection not just from the outside but also from the inside of the networks;
* Implement strategies to control and monitor BYOD and WYOD from and internal and external user perspective. How will smart devices that monitor control certain functions in the organisation be protected and or monitored?
* CIOs in the financial industry should immediately consult their security providers to advise them on ‘killchain’ strategy and competencies; and
* Have a mobile security strategy aligned with e-commerce business needs, as they are becoming a blend of services with both cloud and SDN networks driving this space.