Dubai: With digital transformation gaining traction, 50 per cent of IT spending will be outside the control of the traditional IT department by 2017, research analysts at Gartner said.

Gartner defines digital business as new business that blends the virtual and physical worlds, changing how processes and industries work through cloud, mobile computing and the Internet of Things (IoT).

IoT is defined as the network of devices that are connected to the Internet and can be controlled remotely.

Peter Firstbrook, research vice-president at Gartner, said at the Gartner Security and Risk Management Summit 2015 in Dubai on Monday that there is a dramatic shift in IT spending power, with demand and control moving away from IT and towards digital business units closer to the customer.

“Digital start-ups sit inside your own organisation, in your marketing department, in HR, in logistics and in sales. Your business units are acting as technology start-ups,” he said.

He said that companies need not blow all their money on shiny new security products. The time is right to make proactive, lasting change in how enterprises approach information security.

Compromise is “inevitable”. Enterprises must move from a singular focus on trying to prevent compromise to acknowledging that they will never have perfect protection.

“We need to be able to protect compromise and react faster. The disparity between the speed of compromise and the speed of detection is one of the starkest findings in recent breach reports,” he said.

“You can’t do this alone. We must understand the limits of security technology and realise that properly motivated people can be the strongest link in our security chain. We need to shape behaviour. We need to properly motivate people to do the right thing, not just force them to do what we want.

“Phishing is the initial infection vector in almost 80 per cent of infrastructure breaches. However, there are no completely effective technical controls for this problem. But when employees are motivated and understand the limitations of trust in email, the click-through rate of phishing emails drops dramatically,” he said.

He said that resilience is the key to adapting to the new world of digital business.

“Resilience is about absorbing the punches and bouncing back, while accepting a certain risk for the achievement of success. We need to start absorbing some punches too and we need to start focusing on success.”

The Digital Risk Officer is the future of IT security and management, he added.

“You have to invest in technical, procedural and human capabilities to detect when a compromise occurs, and you must provide the first responders with the tools they need to react quickly to investigate the source and impact of the breach and start remediating.”