Over the past two years there has been mounting evidence of the Russians attacking the U.S. utility grid. Recently, the Wall Street Journal provided more specific details about the campaign revealing that hundreds of small contractors were attacked. While the techniques used were not novel, the campaign highlights an increasingly pervasive problem, as the Journal points out:
As organizations undertake digital transformation initiatives, cybersecurity concerns rise in significance. Digital transformation efforts often lead to the selection and implementation of new technology solutions, increasing the complexity of the computing environment and, therefore, increasing the attack surface of the organization. Cybersecurity professionals must remain at the top of their fields, keeping abreast of changing technologies. Certification programs provide IT leaders with an objective yardstick as they evaluate their teams’ existing skills and identify potential skill gaps.
The IDC FutureScape is an important compilation of several disciplines within IDC’s research sectors distilling insights from IT, cybersecurity, analytics, managed security services, identity and access management, and data and digital security. The perspective is global, and analysts from different global regions participated in the study. Each prediction is designed to demonstrate an outcome, although the limit of the study are predictions made through January 1, 2024. The larger goal of the exercise is to provide guidance for IT technology providers and for technology providers to best utilize their personnel, maximize the impact of current investments (and plan future investments), and improve their cybersecurity postures.
The most important security metric is “risk reduced per unit cost.” This metric enables you to collect the costs associated with your security environment related to the amount of risk that you have reduced.