More connected devices equates to more cybersecurity exposure, more risk
WASHINGTON – Booz Allen Hamilton, one of the nation’s largest management consulting firms that is well known for its broad range of experience on cybersecurity, has predicted that a new and more comprehensive approach will be needed to address cybersecurity in a world dominated by connected devices.
The “Internet of Things,” makes systems far more vulnerable because it greatly increases the “surface area” of a potential attack, providing more points for hackers to gain access.
Traditional cybersecurity doctrine largely revolves around responding to breaches after they occur, identifying the point of entry for the hacker and then fixing it.
BAH argues this is no longer enough.
“When it comes to data security, the fundamentals have changed,” Bill Stewart, EVP of cybersecurity for BAH noted. “News of a large-scale data breach is nearly an everyday occurrence, while the scope and long-term damage associated with cyber incidents are escalating.
“The companies we speak with are tired of chasing the problem: They want to do better than fight the next battle with the last war’s plan. Looking ahead, we see both new, daunting risks and a shift in how companies tackle the cybersecurity challenge.”
BAH sees the response to greater risk and outdated measures as a proactive defense, attempting to anticipate threats and weak points and strengthen cyber walls rather than responding to threats as they emerge.
BAH also recommends that firms monitor intelligence on known hackers and emerging cyber threats in order to better counter potential intruders.
“It’s a shift similar to what took place in natural disaster response, where use of predictive weather data enables communities to take preventive measures before the storm hits,” Stewart said.
BAH also outlined numerous other steps firms could take to enhance their cyber defenses, as well as major trends BAH sees unfolding in the cybersecurity field over the next few years.
Those include:
• Third-party incident response vendors should be rated, with the new baseline being a demand for experienced cybersecurity talent, a strong step-by-step methodology, and expertise in crisis communications, legal, policy, business and technical areas.
• Cybersecurity will evolve over the next few years from a compliance issue to a strategic, business-critical priority, as preparedness moves beyond dollars and compliance to actually protecting the business from damaging attacks. Much in the same way health, safety and logistics have become a major priority for companies large and small.
• Companies should invest in embedded security within items ranging from electric turbines and air-conditioning systems to “smart” light bulbs and vehicles – a high priority for keeping the business running.
Cyber threat response will need to become the wheelhouse of a chief executive within the company, and a top priority for the organization on all levels.
