
Information Security: The Importance of Being Nimble

May 22, 2019

When it comes to corporate cybersecurity and data privacy, most companies have some plan in place already. Whether it’s a dedicated security team or focused data security strategy, there is at least some conversation going on about this issue. While this is a great start for any organization, there is one factor of cybersecurity that many corporations tend to forget: the InfoSec world moves incredibly fast and it can be hard — if not impossible — to keep up without a nimble, scalable strategy in place.

The move of the industry to the cloud precipitated this speed by giving players on both sides the tools and resources they need to make big moves and build like never before. The cloud also opened up an ‘information highway’ of sorts in which data and technology are open and available to whoever needs them, whether it’s third-party vendors, app developers, or supply chain partners.

There are multiple aspects of the InfoSec world that are constantly changing and evolving, including:

Corporate policies and collaborations: In today’s digital world, there is no such thing as being a ‘corporate island’ in the sea. Everything is interconnected, which means data itself is interconnected and shared with business partners, vendors, and third parties. While this interconnectivity is necessary from a strategic perspective, it also opens up areas of potential weakness or vulnerability. Because modern business is so fast-paced, corporations can’t simply say ‘no’ to a potential partnership. This means, however, that connections might be forged without adequate security provisions in place because the InfoSec strategy isn’t flexible enough to rapidly adapt.

The widespread adoption of cloud technology: Another part of the rapid pace of corporate growth is cloud adoption. Cloud technology has made it possible for businesses to operate more efficiently and effectively than ever before, which is why it has spread so quickly throughout businesses. While cloud technology is great from a corporate strategy perspective, it also opens up a bevy of potential threats or leaks in data protection. A majority of modern InfoSec teams just aren’t adequately prepared to face these threats, or they aren’t fully aware of what these threats even are. According to a recent survey of InfoSec professionals, 60% of respondents believe that cloud-based corporate strategy is moving too fast for current security protocols to be effective. In many cases, cloud security is spread out across multiple teams or departments on an application-by-application basis, which makes it even harder to focus time, attention, and resources on areas of vulnerability.

The demands of IT innovation outpacing the scope of project management: The fast pace of IT innovation isn’t new, and some corporate InfoSec teams have already started to strategize and plan for potential solutions. In some cases, however, this innovation is occurring at such a rapid pace that project management solutions can’t even keep up with the requirements. Traditional PM tools like Gantt charts and project tracking simply can’t handle the constantly updating demands and timelines of an advanced IT project. Instead of shuttering the project or turning to new PM tools to meet the demand, some IT teams simply forge on ahead, opening the door to potential threats without even realizing it.

Industry and government regulation on every single level: While cybercrime has been on the rise for a while, it took some of the world’s largest companies falling prey to hackers, exposing millions of protected data records, for InfoSec to become a foundational discussion point for decision makers on every level. From at-risk industries like finance and healthcare to state, national, and global government regulations, InfoSec is now one of the hottest topics on the docket. After Europe set a global precedent with its General Data Protection Regulation (GDPR) rule, other countries and governments took notice. Multiple states passed data protection laws in 2018, and more than 36 states and Puerto Rico have introduced new cybersecurity legislation for 2019. As more industries and governments figure out which types of security models work best for their particular needs and vulnerabilities, these security structures can be shared with others. Recently, Ohio adopted the cybersecurity infrastructure introduced by the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model. As the third state to adopt this model, Ohio is following in the footsteps of government policies that are learning from industry-built strategy.

The continued growth of potential cybersecurity threats: Another important fact to remember when it comes to cybersecurity is that for every innovation or step forward in data protection there is an equally big (or bigger) step forward for those on the other side of the game. Cyber threats continue to grow and emerge for businesses of all sizes, shapes, and industries. It’s estimated that the results of cybercrime will cost more than $6 trillion a year by 2021. As threats become more sophisticated and advanced, the solutions used to identify and protect against these threats must advance as well. Currently, it takes an average of 191 days (more than six months!) for organizations to realize they’ve been a victim of a security breach. While this number shows exactly how sophisticated these threats can be, it is definitely not a scalable outlook for companies trying to combat cybercrime.

The time it takes to deploy traditional security protocols: Luckily, a flood of new information and resources on the evolution of the InfoSec industry has led many corporations to find and implement vendor risk management solutions to assess potential threats and address vulnerabilities. While taking this first step is a good start, it can take months for these security protocols to be deployed and actually make an impact. In fact, some solution deployments can take more than a year to get up and running. Once InfoSec teams make the decision to invest in a risk management solution to proactively address cyber threats, they should be able to start making an impact within weeks — not years.

The way to remain secure and protected in this fast-moving InfoSec environment, while still having the ability to be aggressive and capitalize on new opportunities, is by incorporating a security strategy that is nimble, scalable, and that doesn’t skimp on compliance. With Whistic, organizations can quickly make updates and changes to current risk assessments to address new areas of threat or vulnerabilities. Additionally, the average Whistic platform deployment takes mere weeks, not months.

As Whistic customer Andrew Migliore, VP of Engineering & Security Officer for Radar, Inc., put it, “Whistic, compared to some other vendors, is like a quick marsupial that can dart in and out of the legs of the dinosaurs, running circles around them.”


About the author

Whistic

The latest insights and updates on information security and third party risk management.
