During a CXOCIETY panel discussion on cybersecurity, the senior systems manager in charge of IT Security & Risk Management for a government department in Hong Kong raised an interesting observation: organisations have allocated sizeable portions of the annual IT budget on information security, and yet they continue to be plagued with countless cybersecurity attacks.
He was concerned, not so much at the frequency of the attacks, but at the extent to which human intervention had to be called upon to intervene. He queried whether the technology or countermeasures is failing to keep up with the evolving threat landscape.
“Security and risk management leaders are constantly bombarded with both maintaining existing security projects and bringing forward new projects,” says Brian Reed, senior director analyst, Gartner. “As priorities for new security projects, focus on those that can address a high degree of business impact and also have an ability to reduce a high amount of risks.”
Easier said than done – especially when you are in the middle of a cyberattack.
Si Cyber‘s founder and CEO, Feras Tappuni counters that having the technology to detect is only one part of the strategy. “Once you detect an attack or a hack, you have to have the capability to respond,” he suggested.
In an exclusive with FutureCIO, Tappuni describes the changing attitude of organisations towards managed security services. He commented that organisations are discovering that their strategies – people, tools and policies – are not enough to covering what they required
[to protect their infrastructure and data from cyberattacks.
Enterprises
are challenged with finding and retaining the people they need. Their policies
are not evolving fast enough to meet the changing threat landscape. “They also are tired of spending millions of dollars on tech that
didn’t work for them because they don’t have the depth to do it [themselves]
,” he added.
“You can buy all the best tools in the world but if you have no capability to respond, then what’s the point? Better you don’t know is what I say to our clients,” commented the founder. Watch the full video to know more.
