Information security: a multi-dimensional challenge

The future of business is built on data. A few years ago, this statement might be labeled as exaggerated, however it’s very descriptive in the age of digital transformation. By the same token, poorly protected data represents a risk for the entire organization. Therefore, we can say that the numbers detected by IDC and presented at Cirion Forum’s latest edition in Buenos Aires, are reasonable: 38% of the main IT initiatives in Latin America are linked to information security.

The road to a cyber-secure company, albeit necessary, is also a multi-dimensional challenge.

The main one is driving greater information security education within companies. Historically, an organization was more likely to worry about its security after experiencing an incident. When looking at the daily volume of attacks, we can infer that it is even more likely that every company has already experienced one. This is why it’s time to shift paradigms, starting by feeling vulnerable and deploying the best protection models possible.

Leaks may occur as a result of bad decision-making based on erroneous information. A common example: many organizations think that hiring a public cloud service solves their problem. While it’s true that the large cloud providers offer security and excellence and comply with the sector’s main international rules, this primarily includes the infrastructure level. This means that companies don’t think about end-to-end protection for their data, which exposes several gaps.

Additionally, other weaknesses appeared as a consequence of the pandemic. The accelerated digitalization taking place at the time often pushed security aspects to the background. Systems had to be moved from premises to the cloud to keep organizations operational, but there was neither time nor resources to conduct detailed analyses of the security gaps revealed. In this sense, there is now a greater level of awareness regarding this issue and new projects tend to consider information security as early as in conception.

Talent deficiency

Another strong impact on security is caused by the resource gap. IDC states that 85.5% of Latin American companies face difficulties in finding personnel with the appropriate skills, and 47.3% count on only one specialized cyber security resource. Therefore, the presence of a technology partner is key, bringing knowledge, updates, and experience that would be difficult to find internally.

Finally, emerging technologies present a new challenge: artificial intelligence (AI) is a double-edged sword. On one hand, it is a key ally for automating and predicting zero-day attacks, new vulnerabilities, exploits, and other threats which can represent an impossible volume of information to be digested by a group or groups of analysts. By using AI for detection, experts can tackle deeper issues. However, this same AI is being used by attackers to perfect their strategies.

There are obviously many challenges, but the goal should be always the same: implementing a layered, end-to-end strategy that protects access, the increasingly remote connectivity of users (with “zero trust” strategies), APIs and, of course, the traditional perimeter, with state-of-the-art firewalls. To do this, the first step is to understand the business, its needs, its vulnerabilities and its risks, and understand the complete trajectory of data and applications. This is the only way to maximize protection and reduce the surfaces of attack.