Protecting vital information assets demands a full-spectrum cyber approach
In 2010, security and privacy graduated from IT department concerns. C-suites and boardrooms took notice of highly visible incidents, ranging from malware-infected motherboards from top-tier PC manufacturers1, to information theft from a leading cloud provider2, to the manipulation of the underlying routing tables of the internet, redirecting traffic to Chinese networks3. At the same time, the regulatory environment around sensitive data protection has become more rigorous, diverse and complex. Organizations are aware of the shifting threat profile and are working to deal with technical barriers as well as sophisticated criminal elements. Incidents are increasingly originating in the trust vector – due to inadvertent employee behavior via the sites they visit, the posts they access on social media sites or even the devices they bring with them to the workplace. A “protect-the-perimeter and respond-when-attacked” mentality is no longer sufficient.