Keeping the lights ON!
As breaches and cyber threats continue to mount, so do the government and industry regulations designed to increase enterprise security, fight consumer data theft, and protect the critical infrastructure. And, as the complexities of security and regulatory compliance increase, so does the need for organizations to turn to the expertise of the channel to manage risk more effectively.
According to a recent report by Global Industry Analysts, the market for managed security services will reach $8.4 billion by 2015. A separate report, from the same group, pegs the market for all IT security products and services at $125 billion that same year.
Consider the recent Epsilon breach, where many dozens of companies had their customer contact information stolen. Following that breach, there's been talk in Washington, D.C. of even more stringent privacy laws for companies that handle customer data. And this comes at a time when the industry already faces stern data security laws.
Compliance and security-related spending is also increasing in critical infrastructure and utilities.
A recent survey produced by the Center for Strategic and International Studies (CSIS), and funded by IT security firm McAfee, found a startling gap between where critical infrastructure security actually is today and where it should be. The survey polled 200 IT security executives from critical power infrastructure providers in 14 countries. It found that 40 percent of those surveyed believe that their industry has become more vulnerable than it was the prior year; about 30 percent also believe their company is not prepared for a cyber attack.
To improve resiliency against such attacks, the bulk power generation industry is working now to comply better with NERC's Critical Infrastructure Protection (CIP) regulations. CIP regulations are designed to help the bulk power generation and delivery infrastructure by establishing a minimum acceptable level of risk. They do so by requiring thorough log collection and analysis, access control, reporting, deployment of intrusion detection/prevention systems, and other controls. Solution providers who have worked extensively with utilities say that, while many utilities have improved from where they were a few years ago, there still is much more to be done.
To harden their systems against those vulnerabilities, utilities are deploying more traditional IT technologies such as firewalls, intrusion detection systems, and security information and event managers around crucial systems. They're also increasing their use of security-related services. We see them requesting more penetration tests, so that utilities obtain a better view of the viability of their entire security architecture.