The Sony Pictures Cyberattack and What It Says to IT Security Marketers
One of the most visible and highest-risk issues organizations face today is that of IT security– a point dramatically underscored recently by the Sony Pictures data breach. Organizations are faced with addressing a heady mix of needs and challenges. On the one hand, meeting customer expectations demands business processes become increasingly digitized, while apps are developed to facilitate and enhance user engagement. And it’s not only customers who are driving business innovation; it’s also the needs and expectations internal to organizations: the need to facilitate and enhance remote teams, while providing all employees mobile access. Yet, on the other hand, a significant consequence of the digitization of business is that data vulnerability is at an all-time high.
In this developing digital business context, data breaches and cyberattacks are an escalating and significant threat to organizations in the midst of transformation. Consequently, business leaders are forced to weigh risk and reward, calculating the complex tradeoff between data security, customer expectations, and business innovation.
Examining the recent cyberattack on Sony Pictures – in the context of IT Security survey findings conducted by Gatepoint Research in 2014 – highlights some of the inherent challenges IT Security executives and buyers are wrestling with. In this post we’re previewing two such challenges marketers of IT Security solutions need to address: (For a more complete look at those demands, difficulties, and current trends evidenced this year’s surveys, read our brief synthesizing those findings.)
Gaining stakeholder agreement on IT security goals & priorities
While IT Security is a clear strategic imperative today, the exigency of this concern isn’t necessarily shared by all of management. Various Gatepoint Research findings give evidence to this tension among stakeholders, where conflicting priorities are revealed when comparing responses between strategic- and tactical-level perspectives. A McKinsey article (Why senior leaders are the front line against cyberattacks, June 2014[i]) suggests several challenges exist in gaining widespread stakeholder agreement on IT security goals and priorities:
- “Executives must accept a certain level of cyberattack risk.” Competitiveness and innovation, at least to some degree, requires determining a measure of acceptable risk. Gaining consensus on what that means in practical application is a tricky endeavor.
- “The implications of cybersecurity are pervasive.” IT systems and applications are so fully integrated in the organization now that all functions are affected, bringing multiple and varied stakeholders to the table.
- “Cybersecurity risk is difficult to quantify.” Communicating urgency and agreeing on goals and priorities is difficult when there is no clear, objective method of assessing the value of the risk and associated mitigation tactics. Adding to the quantification challenge is the fact that the perceived level of risk is constantly in flux. Yet, as the fallout from the recent cyberattack on Sony Pictures painfully illustrates, the simple act of publicizing breached data can result in untold – and possibly irrecuperable – damages.
Keeping up with the increasing prevalence and sophistication of cyberattackers
Looking ahead to 2015, Gatepoint Research survey respondents are clearly concerned: IT security executives overwhelmingly expect to see an increased pace and sophistication of cyberattacks. In fact, only 8% of respondents are optimistic for an improvement in cyberattack trends. These results are in keeping with joint research this past year from McKinsey and the World Economic Forum. Their findings, detailed in their report (Risk and responsibility in a hyperconnected world: Implications for enterprises[ii]), indicate that “[n]early 80 percent of technology executives said that they cannot keep up with attackers’ increasing sophistication.” As recent news headlines illustrate, these concerns are not misplaced; the cyberattack on Sony Pictures has at once shown how vulnerable global organizations are, as well as how easily they can be manipulated, potentially inviting an upsurge in cyberattacks. In this new, grimmer outlook for 2015, IT Security solution vendors need to help their buyers feel safer by helping them make productive gains on attackers.
To provide fuller insight into current trends and challenges in the IT Security market, read Gatepoint Research’s Executive Brief on IT Security trends for 2015. Based on surveys conducted in 2014 among IT and Security executives at leading global firms, the brief synthesizes the findings from these surveys, highlighting the biggest challenges and concerns shared by buyers of IT Security, while recommending vendor actions to help buyers achieve their security goals.