F5 Networks recently unveiled a security report, a study, titled ‘The Evolving Role of CISOs.’ The study, done in collaboration with the Ponemon Institute, collected information based on interviews with senior-level professionals (CISOs and CISO-equivalent roles) from 184 companies in seven countries.
A key takeaway – there is a shift toward security as a business priority. Fifty seven (57) percent of the respondents say that their organizations have experienced big developments that are driving change in their attitudes about security programs. Next, 49 percent believe that their organization considers security to be a business priority. Cybersecurity exploits and material data breaches are contributing most significantly to the changing attitudes about IT security programs.
Some of the other takeaways include:
* CISOs believe in the importance of an executive-level security leader.
* Enforce policies that protect the organization from insider negligence.
* Assess the risks created by the Internet of Things (IoT).
* Hold third parties to a higher standard of security.
* Invest in technologies that enable the move from protecting the perimeter, to the protecting of the endpoints, applications and data over the next 24 months.
Parag Khurana, MD, F5 Networks, India and SAARC, said: “There is a changed security landscape. The cloud is rapidly transforming. Also, the enterprises are consuming applications very differently. Everything is now getting encrypted.”
According to the study, 72 percent of the attacks are on applications. There is 28 percent attacks on the user identities, and 44 percent attacks on the application itself. Even then, less seems to be happening to support this sector.
Till now, most of the security is network-centric. It is causing a shift in IT security. Today, the focus is on security from the applications point of view. F5 Networks promises to secure the access to your applications. F5 Networks is seeing more conversation on multi-cloud security.
According to the CISO report:
* With the number of cyber attacks on the rise, the role of the CISO will become even more critical.
* Current IT security strategy spanning a company is still very rare.
* Recognition of security as a business priority is still reactive.
* An IT security strategy is still very rare.
— 58 percent believe that IT security is a standalone function.
— 45 percent believe that security function does not have clearly defined lines of responsibility.
— 22 percent believe that security is integrated with other business teams in their organizations.
In India, 57 percent of the respondents say that there is a change in attitude due to the big developments. Next, 31 percent say that there will be more dependency on application security in the future, and 30 percent feel that there will be more dependency on end-point security in the future. Another 23 percent feel that there will be less dependency on network security in the future.
Things to do for CISOs
There are three things for CISOs to look at in future:
* On moving on to the cloud, what happens to the current security?
* How can multi-cloud environments work?
* How can they best protect the organizations from attack vectors that have now increased?
Enterprises definitely need to establish enterprise-class data centers, and have own control, and further extend that to hybrid models. Banking and financial services are the first movers to implement security. Next, the pharmaceutical companies are adopting security to protect their IP.