What's causing today's IT security gap?

What’s stopping global businesses from protecting their assets despite significant investments in cyber security programmes?
IT, Security, Data, Tech, Business, Technology, HP, Aruba


There is a dangerous gap in modern IT security, says Rabih Itani.

We define the security gap as the inability of an organisation’s people, processes and technologies to keep up with a constantly changing threat landscape. And, given that data breaches are now so common that on average 58 records are stolen every second, we know it’s a problem that needs to be addressed urgently.

Here’s a closer look at some of the hurdles that are stopping businesses from identifying, detecting, containing and resolving data breaches and other security incidents in an IoT era.

Expanding and blurring the line of the corporate perimetre

Firstly, it’s no secret that the volume of IoT devices connecting to corporate networks has exploded – eclipsing that of the global population. This level of proliferation is impacting the requirements each organisation has when it comes to network security. Over half (55%) of respondents from our global study with The Ponemon Institute said it is hard to protect the expanding and blurring IT perimeter considering IoT, especially with BYOD, cloud and the opening up of networks to partners.  A clear lack in security strategy around IoT is only compounding this problem. In fact, only 24 percent of respondents said that their organisation’s IoT devices are appropriately secured with a proper security strategy in place.

Tackling the security issue without the skills and expertise

A big part of this problem is rooted in the difficulty organisations have in recruiting security staff with the necessary skills and expertise to protect complex and dynamically changing attack surfaces. Half of Ponemon’s respondents said staff lack the crucial expertise to match the risks these attackers and corresponding threats present, citing it as the main reason behind security gaps.

Accountability is another issue for consideration. When asked who inside their organisation was responsible for IoT security, responses ranged from CTO, CIO, CISO and line-of-business leaders. Lack of ownership of course impacts the ability of an organisation to tackle complex cybersecurity threats – as there is no clear consensus over where the responsibility lies. 

A disconnect on IT process and training

In addition to this, employees lack security understanding. For example, in a previous study, over 70% of global employees revealed they were compromising network security by sharing passwords and devices. It’s these kind of behaviours that can cause immense damage. Just imagine an employee with local administrator rights disabling security solutions on their PC. It could allow an infection to spread onto the entire corporate network.
To keep up with these threats and future-proof against the insider threat, of course training is valuable, but we also need to keep ahead of sophisticated and well financed attackers by being able to act with speed and deep visibility into user activity. That way we can spot potential changes in behaviour and respond quickly enough to threats before it is too late. 

Closing the gap: pairing human and technical

People and process must be prioritised if we’re to close the IT security gap, but there are also technical steps that can support organisations in tackling these hurdles while also augmenting the existing work security staff are doing.

And businesses are starting to catch on. We know from Ponemon’s study that more than a quarter of security professionals are already embedding AI into security systems. Doing so, they’re able to reduce false positives, improve the efficiency of security investigations and detect attacks that are evading traditional perimeter defences.

Using a combination of AI and machine learning, IT staff can recognise, profile and connect every device accessing their network, giving each its own risk profile, and raising an alert if unusual behaviour is detected. In fact, over half (64%) of IT professionals confirmed that these new technologies, like machine learning, are needed to discover and understand threats that are active in the IT infrastructure. A similar number (51%) agreed that AI technologies like machine learning and behavioural analytics are essential to detecting attacks on the inside before they do damage.

Against this backdrop, AI-based security tools, which can automate tasks and free up IT personnel to manage other aspects of a security programme, were viewed as critical for helping businesses keep up with increasing threat levels. What steps are you taking to address the IT security gap?

Rabih Itani is regional business development manager of security for the Middle East and Turkey at Aruba, a Hewlett Packard Enterprise company.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

Editor's Choice

Emerson expands analytics platform for industrial enterprise-level wireless infrastructure management
Plantweb Insight platform adds two new Pervasive Sensing applications that manage wireless networks more efficiently with a singular interface to the enterprise
Digitalisation seen as a competitive advantage by Middle East private businesses
Nearly 80 per cent of private business leaders acknowledge that digitalisation can impact business sustainability
Etisalat introduces Multi-Access Edge Computing architecture delivering best-in-class video streaming performance for 5G networks
MEC architecture achieves performance gains of as much as 90% in video streaming, validating how ultra-low-latency applications will be delivered over 4G and 5G networks

Most popular

Don't Miss a Story