Many organizations aren’t implementing cybersecurity measures enough to protect them against future risks — a trend that could cause as many as 60 percent of them to suffer major service failures by 2020.
That was among the findings in recent research conducted by the research firm Gartner. The special report points to the increasing transition to digital business along with the shift to external services outside of the IT department’s control. Those are areas that could potentially lead to cybersecurity risks, according to Gartner.
Cybersecurity will become increasingly critical as a result of the broader external ecosystem, said Gartner analyst and vice president Paul Proctor. "Organizations will learn to live with acceptable levels of digital risk as business units innovate to discover what security they need and what they can afford,” he said. “Digital ethics, analytics and a people-centric focus will be as important as technical controls."
Digital businesses need to focus on these areas to ensure that they adequately address cybersecurity in the future, according to Gartner. Here are some of the suggestions:
Improve leadership and governance. When it comes to addressing cybersecurity risks, the research firm considers improvements in governance as a higher priority than efforts to develop technology tools and skills. An effective program needs to take into account budget allocation, reporting, accountability, decision making and transparency as key components of protecting the business.
More extensive cybersecurity. With more emphasis on going beyond the data center — a new edge that includes operational technology, mobile, the cloud, and SaaS primarily for Internet of Things, companies must focus on ways to address cybersecurity risks on a much larger scale. Statistics show that 25 percent of corporate data traffic won’t go through enterprise security controls, because it will go directly from mobile devices to the cloud.
Minimize threats. Companies are realizing they cannot eliminate all security threats. As a result, Gartner pointed out, more emphasis should be placed on detecting suspicious activity and how the IT will respond to those activities. Already, companies are moving in that direction. By 2020, Gartner said, about 60 percent of information security budgets will be designated for rapid detection and response. That’s up from about 30 percent in 2016.