(Image by Gerd Altman/Pixabay)

Now that businesses have fully embraced digital transformation by moving their data to the cloud, they are now faced with the gargantuan task of protecting information from cybercriminals. As the threat landscape evolves together with digital landscape, enterprises need to know how to deal with assaults.

According to research and advisory company Gartner Inc., security and risk management leaders should be able to identify as well as deal with risks and threats especially now that criminals have become more innovative and creative.

The investment in security software far outweighs the cost of cyber attacks, which Gartner said cost companies about $330 million in sales and revenue impacts mostly due to malware-based assaults. Not to mention the damage to brand reputation in the event of a data breach that compromises user data and personal information.

“Cyber attacks are making the front pages on a regular basis,” said Jeffrey Wheatman, research director at Gartner and conference chair for the US Gartner Security & Risk Management Summit. “What does this climate of continuous risk mean for security leaders? Organizations have tended to focus on stopping data breaches, despite the fact that it’s a losing battle.”

He added that organizations should find digital transformation as an opportunity to evaluate their security technology and “reduce long, resource-intensive and costly RFP (request-for-proposal) processes.”

Strategy

Wheatman suggested applying a strategy called CARTA (continuous adaptive risk and trust assessment), where organizations have a multilayer environment that would make it difficult for cybercriminals to attack. Security companies have been pushing for a more proactive approach by monitoring unusual behaviors in the system and stopping it when necessary.

CARTA takes a three-pronged strategy where organizations can identify issues early, stop them, and respond to what cannot be prevented. Some companies have focused on stopping and forgot how to react should an attack happen.

“Levels of trust and risk associated with digital business entities and their actions are dynamic and need to be assessed continuously as interactions happen and context changes,” Wheatman added. “CARTA, together with investments in people, process, and tools, can help keep up with complex ecosystems and continuous change.”

Emerging tech

As if the issues on cloud technology is not enough, emerging technologies such as analytics, artificial intelligence, blockchain, machine learning, mobile, and the Internet of Things, also need an extensive strategy in terms of data protection.

“These technologies are bringing new opportunities, as well as new risks and challenges,” he said. “For example, the highly skilled talent that’s needed to support these new technologies is becoming very scarce. However, companies can do more with some of their existing resources.”

The Internet of Things will spike data by unimaginable proportions making the cloud environment a huge playground for cybercriminals. Businesses need to look at security as an important investment not only for the company but most especially to their clients.