Holistic Cyber Risk Management Program Must “Predict and Prevent” in Today’s Complex Threat Environment, says new White Paper

In today’s world of dynamic and complex cyber threats, Chief Information Security Officers (CISOs) and Chief Risk Officers (CROs) from commercial and government enterprises are evaluating how to move from a react-and-defend stance to a holistic cyber risk management program that is focused on the ability to predict and prevent. In response to IT and security leaders’ needs for information on how to more effectively maintain data integrity and security, Booz Allen Hamilton (NYSE: BAH) has released the results of a company-sponsored IDC White Paper, “Shifting Risks and IT Complexities Create Demands for New Enterprise Security Strategies” (February 2014).

The study, which captures the results of interviews with information security executives across the financial services, federal government, large supply chain manufacturing, oil and gas and pharmaceutical sciences industries, gives security decision-makers practical, actionable information on the current threat landscape, the changing role of the CISO and CRO, and the consequential need for an end-to-end security and service partner.

“Organizations are learning that cyber security threats create both tangible and intangible impact on their abilities to do business and function,” said Christopher Ling, executive vice president, Booz Allen. “It may be easy to calculate the impact of an attack in terms of staff time, replacement costs, lost productivity, and the cost of compliance and meeting contractual obligations, but it is more difficult to determine the loss of brand, reputation and relationships and to tally liabilities. Damage to intangible assets often does not immediately come to light, but it can have significant long-term impact. IT and cyber leaders understand to varying degrees that all it takes is one incident to create irreparable damage and that a holistic threat management system can go far in keeping their organizations safe from harm.”

The IDC White Paper analyzed the concerns of information security leaders in five industries and provided threat-based implications that CISOs and CROs can act upon.

  • Financial Services – The evolving threat landscape and the rise in the frequency and sophistication of attacks have demanded a holistic response from the financial services industry. Its leaders are well known for making advanced, predictive threat intelligence solutions a priority. Looking ahead, the industry must take advantage of services that better analyze threats on the unstructured and structured components of “big data,” and most institutions will lack the capabilities to perform this work effectively in-house.
  • Federal government – Although agencies are hiring Chief Security Officers, much of the responsibility is still falling to the CIO. Today’s federal IT security managers must address how to deliver security across legacy systems as well as cloud-based and mobile applications, and are searching for security that encompasses the “new” and the “old.” Lurking APTs are prompting many managers to use network monitoring tools, consistency checks and access control management. Agencies remain cautious about exploring security service partnerships, preferring to retain security personnel and risk management in-house, but this raises questions about compliance with internal and government-wide security policies.
  • Oil and gas – The introduction of data-intensive processes, such as the digital oil field, paired with high-profile attacks on energy companies has led many oil and gas companies to make the protection of data and corporate IT assets a top priority. In the very near future, the protection of industrial control systems – the source of many critical oil and gas assets – will become a key area of investment for most oil and gas companies.
  • Supply chain/Manufacturing – The increasingly distributed nature of the manufacturing supply chain is putting it at a greater risk for data security threats. Providers and manufacturers must strike the right balance between a desire for transparency and the need to ensure that this openness does not make them an easy target for cyber attacks. The landscape is changing and automation is on the rise; this brings greater risk to industrial control systems.
  • Pharmaceuticals/Life sciences – Companies are working through a challenging period of industry disruption, battling regulatory changes and the pressure to continue reducing costs. On top of that, companies must now reinforce their commitment to patient privacy by focusing much more attention on preventing the damage APTs can bring. The vulnerabilities created by the widespread adoption of mobile devices are one area of particular concern, and with most life sciences software moving to the cloud, the industry has increased its exposure. As companies invest billions in R&D for new drugs, security surrounding that information is critical because stolen IP can cost a company billions more and affect the company’s future viability. Given these concerns, one key capability is assuring the ability to secure and remotely erase all data on these devices.

As threats continue to evolve and attackers exploit organizations’ weakest links, the IDC White Paper concludes that CISOs and CROs can better manage their organization’s security demands by engaging with a security partner. Through its interviews with security executives, IDC collected input on the skill set a provider should have:

  • An understanding of the business needs by industry
  • A comprehensive security services portfolio that ranges from consulting and implementation to managed security services offerings
  • Threat intelligence that creates actionable data that feeds into a managed service
  • A broad array of security products and partnerships with vendors
  • Solid customer testimonials within the buyer's industry
  • A strong balance sheet and strong growth trajectory

Booz Allen’s Christopher Ling added, “CISOs and CROs across all industries have many challenges ahead. Perhaps one of the most critical is translating cyber risk management in terms that the C-suite will value. This report will help leaders address this issue and others, such as whether it is in their organization’s best interests to either manage all components of cyber risk defense or collaborate with a provider who brings broad expertise.”

At the 2014 RSA Conference, Booz Allen Hamilton’s vice chair, Mike McConnell, and Christopher Ling will speak with CISOs about the challenges they face engaging with the C-suite and moving from a perimeter defense to a holistic cyber program.

About Booz Allen Hamilton

Booz Allen Hamilton is a leading provider of management consulting, technology, and engineering services to the U.S. government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. Booz Allen is headquartered in McLean, Virginia, employs approximately 23,000 people, and had revenue of $5.76 billion for the 12 months ended March 31, 2013.

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.