In recent years, the importance of information security has grown steadily. This was not just a condition for the stability of doing business, but the most important strategic factor for its future development, even in the current an dvery turbulent conditions. According to a KPMG Global CEO Outlook study, 71% of company executives in the world see information security as part of their strategy and their competitive advantage.
At the same time, the level of information security (IS) in different organizations is very different. For example, only 39% of Ukrainian companies noted that their business was prepared for cyber attacks, and 31% of respondents were not able to assess such readiness. This suggests that information security is not given due attention. In the world, 68% of executives are confident that their company is able to repel any cyber attack.
It should be understood that the changed economic situation in the world and in Ukraine does not reduce, but increases the risk of information threats. And this requires organizations to protect their business quickly and reasonably. More on that in the article for Delo, translated by NIX Solutions.
What do the ressearch results say?
Based on the results of the annual survey of Oracle and KPMG cloud threats in 2019 (Oracle and KPMG Cloud Threat Report 2019), it is possible to predict what factors can affect the security situation in the current year.
An increase in the number of cyberattacks will lead to changes in the governance structure
Due to the growing importance of information security, responsibility for this area is redistributed to the CEO, and is not assigned solely to the CISO or IT department. Companies are increasingly likely to consider a new position – the Director of Business Information Security Officer.
Cyberattacks will increase in risk industries
An increase in the number of attacks affects many areas, but not all of them are equally prepared to repel them. The less prepared ones include: healthcare, manufacturing, finance, the public sector, energy and utilities. These industries do not invest enough in information security.
The shortage of cybersecurity experts will be critical
Around the world, there is a significant shortage of qualified personnel in the field of information security, and this situation is likely to not change quickly. The desire to overcome the shortage of personnel will encourage companies to move to the cloud.
In order to search for vulnerabilities in corporate software, all employees will be attacked
A significant number of cyber attacks begin with the search for vulnerabilities by phishing. This method has long been known, but attackers are improving the technology for targeted phishing attacks against specific employees (spear-phishing). Employees will always be a weak link in the information security system of a company, which is known to cybercriminals, so cybersecurity specialists should take this into account.
The increased use of clouds creates new challenges to reduce risks
When using cloud services, most organizations are limited only to basic requirements (for example, identification), without a multi-level security system. In 93% of cases, the use of cloud applications does not meet corporate security standards. Thus, ensuring security in the cloud necessitates increased risk mitigation.
How to prevent threats?
The study showed that 46% of respondents noted the introduction of autonomous threat monitoring functions and the application of corrections as an effective way to solve IS problems.
Autonomous databases are an IT solution that meets the current situation. That is, when companies are faced with the task of reducing costs for the corporate IT infrastructure, but not at the expense of information security and business efficiency.
To some extent, autonomous databases act as an analogue of a self-driving car in corporate IT and are built on the basis of three basic principles:
- Self-management. Automatically creates a database, performs updating and troubleshooting in software, as well as backing up and tuning performance.
- Self-defence. Protection against external and internal attacks, prompt elimination of security problems, data encryption.
- Self-healing. Automatic recovery from failures, protection from downtime, providing a given level of service.
Companies choose stand-alone solutions because they often do not have enough IT resources to support the operation of IT systems. Such problems have become relevant for many organizations in connection with a decrease in corporate income and the need to reduce all types of expenses. With such limitations, the role of autonomous systems in the protection of information security systems of any enterprise can increase.