In the war against Cyber Criminals, Enterprise IT teams fundamentally have a significant challenge on their hands. The fundamental problem is essentially this:
Cyber Criminals are “out innovating” Enterprise IT.
Cyber Criminals can essentially move faster than most IT organisations as they are not bound by “change control” or ITIL. They also don’t need to conform to corporate ethics, policies or compliance requirements. Additionally they don’t need to contend with corporate politics, siloed operations and empire builders.
Their mission is very simple. Gain unauthorised access to information and other assets and maximise return on time invested doing so. The rapid weaponisation of the cyberspace coupled with significant commercial opportunities for cyber criminals has given rise to ever more sophisticated, tailored, difficult to detect and targeted attacks aimed at the industry. These attacks have the potential to cause significant damage; damage to both reputation and business viability.
In an effort to build the most sophisticated defence against such threats, every IT organisations has ambitious plans to build the most powerful defence. For those Star Wars fans out there, this can be likened to the Death Star!
However due to technology and budgetary limitations, the reality looks more like the below:
But due to the fragmented nature of the cyber security market and how organisations tend to think about “security problems”, most IT environments end up with this:
Often times, IT organisations end up with a “bag of bits”. These point solutions are often sold without any professional services attached to them and the business outcomes are often overlooked leading to vendor proliferation.
According to a study done by Penn Schoen Berland, a global market research and consulting firm, earlier in 2016, 62% of security practitioners believe that technology sprawl adversely impacts the overall security posture of organisations.
In order to build the “lego set” an integrated open and extensible architectural approach that penetrates deeper into the fabric of the organisation with the ability to learn and adapt and get stronger over time is essential.