Navigating the digital ecosystem can be a lot like living in a neighborhood: you know some of your neighbors well, others not as well, and you need to be vigilant when a stranger enters. In my previous post, I explained how the characteristics of the self-sustaining enterprise allow a firm to effectively interact with other ecosystem partners (or “neighbors”) while reducing the risk from threats. In this post, I’m going to explain how the increase in physical and digital connectedness has generated an influx of new and heightened security risks, and how this influx is impacting the cyber-attack surface.
The changing attack surface creates new vulnerabilities
Two primary forces are reshaping the enterprise security landscape. First, the rapid and uncontrolled proliferation of insecure devices has exponentially expanded the attack surface. In fact, according to Cisco Systems Inc., by the year 2020 there will be as many as 50 billion connected devices online.[1] The Internet of Things is driving a digital deluge that ranges from automobiles and fitness monitors to supply chain infrastructures and power grids. This deluge is taking place in the veritable absence of embedded security guidance, standards, or accountability among manufacturers, and little in the way of incentive to create them.
Second, the merging of personal and professional lives has extended the attack surface, as individuals expand their connectedness through a plethora of personal devices and enterprises stretch their boundaries through channels like the liquid workforce. These developments have made the attack surface multidimensional and much more vulnerable to attack or exploitation.
Taking a new approach to enterprise security
Cyber attackers have taken advantage of the enhanced attack surface by turning what would otherwise be benign devices into weapons that can cause massive harm to corporations, industries, and nation states. The combination of devices and cloud services creates the potential for a worst-case scenario in which an attacker could seize control over a massive number of devices and very quickly do devastating harm. Preventing this type of devastation should be, in large part, up to enterprises and depends on a new approach to security that incorporates trust as a critical component.
What does trust mean in the new business ecosystem? It means applying technology to classify and create trust-driven levels and authentication mechanisms for every asset—be it human, machine, or data element. We expect security controls to be based on these degrees of trust and be constantly updated to align with changing business conditions.
In my next post, I’ll explain how you can build this type of dynamic trust-based security into your processes to transform your firm into a self-sustaining enterprise.
[1] “Cisco Systems’ 2 Growth Markets for 2017 (CSCO),” Investopedia, December 6, 2016. Access at: http://www.investopedia.com/news/cisco-systems-2-growth-markets-2017-csco/
For additional detail, please see: The Self-Sustaining Enterprise―Using Technology Innovation to Enhance Cyber Security Skills