Business-Driven Cyberdefense Model
Most large companies have dramatically strengthened their cybersecurity capabilities over the past five years. Formal processes have been implemented to identify and prioritize technology security risks and develop mitigation strategies, and hundreds of millions of dollars have been dedicated to execute these strategies. Desktop environments are far less “wide open” than they were even five years ago, as ports have been disabled and mail services blocked. Robust technologies and initiatives have been put in place to address attacks on the perimeter.
Move from Protecting the Perimeter to Protecting Data
Our research shows that attacks on government data and systems, critical national infrastructure, and private enterprises’ intellectual property carry the most value at risk. Our cybersecurity experts have identified the elements of a next-generation cyberdefense, and are conducting ongoing research on the primary cyberthreats that governments face as well as the various levers they can use to counter these threats.
Most organizations have approached cybersecurity by trying to put increasingly sophisticated defenses around their perimeter. The reality is that a motivated attacker will likely find vulnerability—or an employee may inadvertently create an opening. Progressive corporations are reorienting security architectures from devices and locations to roles and data. Ultimately, plugging your laptop into the network at a corporate location may enable you to do no more than reach publicly available Web sites. Accessing corporate data or applications, however, would require authentication of your identity.
Reconnaissance Activities in Real-Time
Security will soon become a fundamental design decision in underlying technology architectures. If customer credit card information resides in a single database, for example, a cybercriminal would only have to breach security once to engage in fraudulent transactions. Separating credit card numbers and expiration dates vastly complicates the task. Since a malicious systems or database administrator can be much more dangerous than even the most careless end user, some technology organizations have started to limit the number of people who can access production systems and data, preventing not only application developers but also infrastructure engineers from touching “live machinery.”
Repelling the Cyberattackers
Corporations need to acknowledge that it is an ongoing battle to “solve” cybersecurity. New digital assets and mechanisms for accessing them simply mean new types of attacks. Already, many corporations are conducting simulated cyber attacks to identify unexpected vulnerabilities and develop organizational muscles for managing breaches. Some have built sophisticated capabilities to aggregate and analyze massive amounts of operational data to uncover emerging threats. In addition, corporations must make cybersecurity, such as the information security measures that need to be implemented before entering new geographies, a key part of the business case for major initiatives. Our cybersecurity services help organizations in their management of information and technology risks by delivering end-to-end solutions, using demonstrated methodologies.
Our global business technology consultants are committed to working with executives on their most challenging technology issues. We help companies address the opportunities and challenges created by new business models and technologies.
How can we help you?
We help defense ministries, intelligence agencies, and other national-security organizations address their most difficult challenges and important opportunities.