As we hurtle towards the new digital world of ‘total connectivity’ – where people, computers and other devices are constantly connected, sending data and executing transactions – how will we remain safe from threats? And as organisations start embracing cloud, mobility, social, connected devices, and other trends, how will they deal with the rapidly-evolving threat landscape?
We’re all looking to digitise and transform the enterprise, but the side-effect is that a completely new security paradigm is opened up. Stock-standard, traditional IT security approaches (think firewalls, anti-viruses, and desktop security) quickly lose relevance in the new digital era. Today’s threats are shaping up to look very different, and security is morphing from being simply an IT problem, to a fundamental business concern.
So just what’s driving this new threat landscape? We’ll look at three areas that are defining the nature of cyber-security in 2016 and beyond.
Take a moment to think about how many times you dip in and out of secure environments, or execute secure transactions, in just the time that it takes to make a cup of coffee in the morning. From their smartphone or tablet, one might check emails and text messages, log into one of their company’s systems, make an in-app purchase, check a social network, view their bank account, top-up on prepaid electricity, and order an Uber. All this, in just a few minutes.
For many of us, our daily lives are punctuated with this continual flow of micro-transactions. With the ease of ‘one-tap purchases’ and instant authentication into secure portals, we hardly even notice as we traverse in and out of these various secure digital realms. As organisations, we have to cater for the ease and accessibility that customers now expect, while remaining absolutely secure. The time we take to process transactions must compress to become almost instant (a concept we refer to as ‘zero distance’) – as we handle increasing volumes of secure digital transactions.
Within new digital ecosystems, companies have to work closely together, forging connections to exchange data and instructions in real-time. To stay relevant, we have to open up pathways into our business for other parties (suppliers, partners, developers, payment providers, etc). And machine-to-machine communication continues to grow, and morphs into the realms of self-learning artificial intelligence, exciting new opportunities are created.
But on the flip-side, we’re exposing more sensitive information and escalating the risk levels. As data gets handed over between parties, or as transactions get processed, a ‘digital exhaust’ is streamed throughout the ecosystem: the bits and bytes that linger in the ether. Protecting this data becomes a shared goal for every party in the ecosystem. Every link in the value chain must be tightly secured, and clear rules developed around data ownership, access, and destruction.
Finally, what about you? In just a few short years we seem to have become generally comfortable with sharing massive amounts of personal data with companies. An app asks for permissions? No problem! A website wants to use cookies? Ok! A social network gathers personal data gathering to sell targeted ads? Fine by me!
Within the younger, millennial generation, there is a terrifying amount of personal data that lies openly available within online communities and networks. Social networking sites like Facebook, Instagram and Twitter encourage us to record our lives in digital – captured in rich media like videos and photos. Digital imprints are made with every credit card swipe, every app download, every route navigated in maps, every text message. All this means there is great potential for those with malicious intent.
Modern hackers embark on elaborate step-by-step journeys, scraping together more and more information about an individual, to the point where attacks like targeted phishing and identity theft become possible. The future of the cyber-threat landscape remains difficult to predict. But as these three notable trends evolve, and interrelate with other dimensions’ cyber-security, one thing is clear: organisations need to move quickly to catch up.
