Absorbing the cyber punches while bouncing back is the future for security professionals according to Gartner research vice president Earl Perkins.
Speaking at the analyst firm’s Security & Risk Management Summit in Sydney, he told delegates that the time is right to make a proactive lasting change in their approach to security.
“You have an opportunity to lead your organisation to a risk managed digital future,” he said.
“This is a future of more profits and better customer service where organisations and security professionals can thrive.”
He shared Gartner’s principals of resilience.
The first is to move from check-box compliance to risk-based thinking.
“While this idea is not new, the urgency to embrace it is. Risk based thinking is about understanding the major risks your business will face and applying controls and investment in security to achieve outcomes,” said Perkins.
According to Perkins, security professionals must move from a singular focus on protecting the infrastructure to a new force on supporting organisational outcomes.
“For the last two decades, our investment decisions have been focused on protecting the infrastructure. This is no longer sufficient as you need to elevate your strategy to protect the things the business cares about. This means profitability, public service and protecting the mission.
“As part of a transition to supporting the business outcome mindset we must move from being the righteous defender of the organisation to balancing the needs of the organisation. We must not confuse security with control and we must resist the temptation to tell the business what to do.”
When the business decides that it wants to move workloads to the cloud, the defender mindset will pull back. The facilitator will work with business counterparts, he said.
“Digital business will bring in new types of information. We won’t own the infrastructure any more. You cannot apply appropriate controls when you don’t know where it is any more.”
Security professionals must also move from a singular focus on trying to prevent compromises.
“We need to react faster to breaches,” he said.
“In the digital world the pace of change will be too fast. Compromise is inevitable so you must invest in tools and people to see the breach.
“Applying these principles will help you gain a seat at the table," he said.
Follow Hamish Barwick on Twitter: @HamishBarwickRead more: OAIC investigates Ashley Madison data breach