Cyber-attacks have become so sophisticated, and the attack surface so broad, that a proactive, layered defense in depth is required. Zero-trust principles, continuous employee awareness and training, sound cyber hygiene, and controls that extend beyond the enterprise boundary to partners and suppliers are all needed to protect the enterprise and establish cyber resiliency.
Operational technology (OT) environments are vulnerable to many advanced threats, and a compromise there carries the risk of shutting down production and therefore the business. From upgrading aging equipment to training shop floor teams, enterprises have to give as much attention and as many resources to protecting OT as they do to protecting traditional IT and office domains.
Ransomware, phone-based phishing (vishing), and SMS phishing (smishing) are among the security challenges that still lack satisfactory technical solutions. Technologies such as machine learning help, but employee awareness and training remain at the heart of protection.
The economics and advantages of the cloud are irresistible, but the risks are equally large—and considerably less visible. A new mindset of vendor qualification and verification has to appear—though few, if any, scalable processes now support it.
More than ever, technology and business have to work together to innovate and compete while maintaining security. Tensions between security and production need to be identified and managed at executive and board levels. So far, security typically remains organized under technology… but perhaps not forever.
In an increasingly networked world, determining which partners can be trusted is the key challenge in cyber security. Checklists, assessments, and potentially certifications are temporary stopgaps; persistent trust will result from security by design, incorporated from the beginning of development rather than bolted on at the end.