- Security TWENTY Home
- Women in Security Awards
Some hurdles for businesses to vault in 2018 are tackled by Chris Ducker, Senior Director – Global Proposition Strategy, Sungard Availability Services.
How would you summarise 2017 in three phrases? Most organisations would paint a less than favourable picture. Let’s start with ‘cyber-attacks’ – ransomware attacks are growing at a yearly rate of 350 per cent (according to the Cisco, 2017 annual cybersecurity report). Following a snap general election, and a concerning lack of clarity on Brexit, why don’t we add ‘political uncertainty’ to the mix? And ‘economic turbulence’ seems apt, after the pound fell to an eight-year low. There was no shortage of challenges for businesses in 2017. But as the quote goes ‘Fool me once, shame on you. Fool me twice, shame on me.’ So how can organisations ensure that they learn from both their, and others’, mistakes in 2017?
Unpredictability lurks around every corner, and while it’s nigh impossible to know what’s on the horizon, this does not negate the need for preparation and foresight to ensure your enterprise is equipped to deal with the inevitable challenges for businesses in 2018. How can they become more robust and resilient enterprise? Here I reflect on the lessons of 2017, as well as examining three significant hurdles ahead:
It’s inevitable that Brexit will stir the waters for businesses in 2018, with the capacity to hit the job market, economic stability and global commerce. However, whether we like it or not, it’s on the cards for 2019 and negotiation talks will pick up the pace throughout the year. Businesses will need to look beyond Brexit’s negative connotations and establish how they can profit from the opportunity. 2018 represents a chance for firms to review and boost their recovery capabilities to have the best shot at navigating the risky waters ahead. Full resilience across their people, processes and technologies, and the capability to not only maintain ‘business as usual’ in the face of turbulence, but thrive, should be the ultimate goal.
Business should regularly review and test systems to ensure they have the agility to deliver on emerging market demands and Brexit-related volatility. Whether running production or recovery environments, resilience across all aspects of the business as Brexit unfolds is vital. This identifies vulnerabilities; enabling strategies for optimum resilience to be put in place, to manage risk positively should the worst happen.
Cybersecurity and data protection
Barely a day went by in 2017 without a business falling victim to a cyber-attack. And this is more than media speculation; a cyber-attack that brings down a major internet cloud provider could cause as much economic devastation as Hurricane Katrina, according to the World Economic Forum. Security and recovery will need to be placed high on the agenda in 2018. However, our research reveals that a seemingly inadequate 10pc of IT budget is currently being spent on security provisions. Cyber threats continue to evolve, and defenses will need to be a central component of any digital and business strategy.
We know that security spending is in the Top-5 of CIOs’ priorities (according to the Gartner 2018 CIO Agenda), but as 2018 develops, what they need to do is weigh up how much risk they are prepared to take versus the spend that will be required. Certainly, businesses will need to be equipped to tackle threats from a security defense point of view. But if the worst happens, what next? To minimise damage to finances, stakeholder and staff relationships, and global reputation, businesses will also need to be fully prepared from a recovery and crisis communications point of view to temper the aftermath.
We often see businesses scale up their recovery requirements at time of testing. This suggests either that plans were inadequate, their environment has changed or what a successful recovery looked like was not what the board expected. Businesses should be specific about what outcome they are trying to achieve. Is it tick-over mode whilst the business pulls itself together? Or is it resilience, so you carry on strong following an attack?
As the May deadline fast approaches, the EU General Data Protection Regulation (GDPR) will also be a driver for improvement to data security. It will require businesses to hire data protection officers, and have a solid crisis management team in place to take care of customer relationship management. Laying the groundwork now by mapping your company data, and ensuring full visibility of what information is stored where at all times, is vital. Another element of GDPR, which is often overlooked, obliges companies to maintain availability and recoverability of data following a disruption. Business leaders should ensure their IT teams are covering availability, as well as data security.
IT departments have been hit hard by the skills gap, and it’s fair to speculate that this talent shortage will continue to grow in 2018. IT systems are becoming increasingly hybrid, making it an arduous task to balance the skills required from different generations to maintain infrastructure. Paired with this, new technologies are coming onto the market every day, meaning skillsets that didn’t even exist in the past have now become integral to businesses IT strategy.
Heading into 2018, we expect that cybersecurity skills will continue to be highly sought after. Security tools are crucial, but more often than not it is staff themselves who constitute a weak security link for organisations. Meanwhile, as companies scale out on SaaS, PaaS and IaaS, core infrastructure management roles will diminish in numbers. Businesses will need to focus on addressing the lack of staff given up-to-date training onto managing, monitoring, updating and maintaining the security aspect of modern IT infrastructure.
As their adoption becomes more commonplace, new technologies such as AI, machine learning and coding will mean skills in those areas are increasingly in demand; training in such areas needs to rise up the education agenda for young people. We expect that, more generally, the most valuable skills to benefit students’ career prospects will be problem solving, innovation and strategy development, design and technology and financial management.
While training up the younger generations is important, businesses will also need to ensure they have the right skills and knowledge at boardroom level; rather than those who possess legacy skills alone and a lack comprehensive digital awareness.
So, what can we expect in 2018? Natural disasters and terrorist attacks are likely possibilities, whereas tremors resulting from Brexit and the introduction of the GDPR are certainties. Whatever lies ahead, businesses are operating in a more perilous minefield than ever before and will need to equip themselves to avoid damage to their bottom line. Managing 2018’s risk scenarios at the earliest possible stage will help to minimise damage to strategic business and IT programmes, and show that they can thrive in the face of hardship and more, importantly, be available to their customers and market.