Beyond Cybersecurity
eBook - ePub

Beyond Cybersecurity

Protecting Your Digital Business

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

Beyond Cybersecurity

Protecting Your Digital Business

About this book

Move beyond cybersecurity to take protection of your digital business to the next level

Beyond Cybersecurity: Protecting Your Digital Business arms your company against devastating online security breaches by providing you with the information and guidance you need to avoid catastrophic data compromise. Based upon highly-regarded risk assessment analysis, this critical text is founded upon proprietary research, client experience, and interviews with over 200 executives, regulators, and security experts, offering you a well-rounded, thoroughly researched resource that presents its findings in an organized, approachable style.

Members of the global economy have spent years and tens of billions of dollars fighting cyber threats—but attacks remain an immense concern in the world of online business. The threat of data compromise that can lead to the leak of important financial and personal details can make consumers suspicious of the digital economy, and cause a nosedive in their trust and confidence in online business models.

  • Understand the critical issue of cyber-attacks, and how they are both a social and a business issue that could slow the pace of innovation while wreaking financial havoc
  • Consider how step-change capability improvements can create more resilient organizations
  • Discuss how increased collaboration within the cybersecurity industry could improve alignment on a broad range of policy issues
  • Explore how the active engagement of top-level business and public leaders can achieve progress toward cyber-resiliency

Beyond Cybersecurity: Protecting Your Digital Business is an essential resource for business leaders who want to protect their organizations against cyber-attacks.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Beyond Cybersecurity by James M. Kaplan,Tucker Bailey,Derek O'Halloran,Alan Marcus,Chris Rezek in PDF and/or ePUB format, as well as other popular books in Business & IT Industry. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Wiley
Year
2015
Print ISBN
9781119026846
eBook ISBN
9781119026907
Edition
1
Topic
Business
Subtopic
IT Industry
Index
Business

1
Cyber-attacks Jeopardize Companies’ Pace of Innovation

All business investments require trade-offs between risk and reward. Does the interest rate on a new bond issue adequately compensate for the risk of default? Are the potential revenues from entering a new emerging market greater than the risk that the investments will be confiscated by a new regime? Does the value of oil extracted via deep-water, offshore drilling outweigh the chance of a catastrophic accident? Tough questions must be answered by weighing up the business imperatives against a calculation of the risk—and the greater the risk, the harder it is to make the case for investment.
Technology investments are no different. They, too, have always been a trade-off between risk and return. However, for enterprise technology, increased global connectivity is raising the stakes on both side of the equation. The commercial rewards from tapping into this connectivity are enormous, but the more tightly we are connected, the more vulnerabilities exist that attackers can exploit and the more damage they can do once inside. Therefore, when a manufacturer invests in a new product life-cycle management system, it is making a bet that the system will not enable the theft of valuable intellectual property. When a retailer invests in mobile commerce, it is betting that cyber-fraud won’t critically damage profitability. When a bank invests in customer analytics, it is betting that the sensitive data it analyzes won’t be stolen by cyber-criminals. The odds on all those bets appear to be shifting away from the institutions and toward cyber-attackers. They could swing decisively their way in the near future given most companies’ siloed and reactive approach to cybersecurity.
Our interviews with business leaders, chief information officers (CIOs), chief technology officers (CTOs), and chief information security officers (CISOs) indicate that concerns about cyber-attacks are already affecting large institutions’ interest in and ability to create value from technology investment and innovation. Potential losses, both direct and indirect, reduce the expected economic benefits of technology investments, as do the high cost and lengthy time frame required to build the defense mechanisms that can protect the organization against a growing range of attackers. In short, the models companies use to protect themselves from cyber-attack are limiting their ability to extract additional value from technology.

RISK OF CYBER-ATTACKS REDUCES THE VALUE OF TECHNOLOGY FOR BUSINESS

Concern about cyber-attacks is already having a noticeable impact on business along three dimensions: lower frontline productivity, fewer resources for information technology (IT) initiatives that create value, and—critically—the slower implementation of technological innovations.

Lower Frontline Productivity

Compared to even a few years ago, companies have many more security controls in place that limit how employees can use technology. They prevent users from installing applications on their desktops. They turn off USB ports and block access to consumer cloud services such as Dropbox. They prohibit executives from taking their laptops to certain countries or require that the laptop be reimaged on return. Layers of security controls can even make turning on a desktop or laptop a prolonged and frustrating process at some companies.
Cybersecurity teams may have good reason to implement these measures. Unknown applications can contain malware that antivirus programs can’t detect. USB ports can be a source of infection, and both USB ports and consumer web services can be a mechanism for inappropriately copying sensitive data.
Employees, however, can see such measures as draconian. Worse, they can directly affect productivity and morale. The salesperson can’t hand a USB stick with a video about a new product to a potential customer. The executive traveling overseas has to spend time copying her contacts onto another disposable phone before the visit and is unable to access Skype from her laptop to speak to her husband back home while away.
Security controls also limit frontline experimentation, which has been the source of so much of the value users derive from IT. In the 1980s, the first bankers who started using Lotus 1-2-3 to construct pro-forma models didn’t have approval from corporate IT. Twenty years later, IT had no idea that small groups of executives had started using Blackberries to communicate with one another. Today, such innovations would be an explicit violation of most large companies’ information security policies.
As a result of these factors, 9 out of 10 technology executives say cybersecurity controls have at least a moderate impact on end-user productivity; in the high-tech sector, 60 percent say the impact on productivity is a major pain point. A senior technology executive at a large bank said that if the CEO realized how many hours were lost as employees struggled with security controls, “he would hang us all.” The CISO for a high-tech firm said he was convinced that the security controls he had to put in place contributed to talented engineers leaving the company.
Unfortunately, in many cases, restrictive security controls do not even solve the initial problem. They can lead users to circumvent corporate IT entirely, ironically increasing the risk dramatically. For example, at one securities firm, many bankers became so frustrated by long boot-up times and other controls that they stopped traveling with their IT-issued laptops. Instead, they just bought cheap laptops with no security controls and used free web-based e-mail services to communicate with each other.
Even government employees find workarounds. In a 2010 survey of U.S. federal officials, just under two thirds said security restrictions prevented them from getting information from some websites or using applications related to their jobs. The solution: using a nonagency device to access the information they need. In fact, more than half said they accessed information from home instead of from the office to get around the security controls.1

Less Money for IT Initiatives that Create Value

Direct cybersecurity expenditures are small compared to overall IT budgets and business revenues, but cybersecurity still diverts resources away from IT projects that create value because of the downstream effects it has on other IT functions such as application development and infrastructure.
It is hard to get a handle on how much companies spend protecting themselves from cyber-attacks. Some security-related functions, such as firewall management and identity and access management (I&AM), may be located in security budgets or may be found elsewhere in IT. This, as well as differences in security posture, means that there is a large range in how much companies spend on their cybersecurity function. Most commonly, cybersecurity organizations represent between 2 and 6 percent of an IT function’s budget, though we know of some companies that dedicate as much as 8 or 9 percent—typically those with stringent requirements or that are in the middle of large programs to improve their security capabilities (Figure 1.1).
images
FIGURE 1.1 Cybersecurity’s Share of the Overall IT Budget Can Vary Widely—Even within One Sector
Although cybersecurity is growing more quickly than other areas of enterprise IT, direct cybersecurity expenditures do not appear to be that big an issue for most companies. While some of the largest banks and telecommunications firms can spend several hundred million dollars on cybersecurity, many other large companies spend much smaller amounts. For example, a $25 billion manufacturing company that devote...

Table of contents

  1. Cover
  2. Title page
  3. Copyright
  4. Foreword
  5. Preface
  6. Executive Summary
  7. 1 Cyber-attacks Jeopardize Companies’ Pace of Innovation
  8. 2 It Could Get Better— or $3 Trillion Worse
  9. 3 Prioritize Risks and Target Protections
  10. 4 Do Business in a Digitally Resilient Way
  11. 5 Modernize IT to Secure IT
  12. 6 Engage Attackers with Active Defense
  13. 7 After the Breach: Improve Incident Response across Business Functions
  14. 8 Build a Program that Drives toward Digital Resilience
  15. 9 Creating a Resilient Digital Ecosystem
  16. Conclusion
  17. Acknowledgments
  18. About the Authors
  19. Index
  20. EULA