Intelligent CIO Africa Issue 78 | Page 66

INDUSTRY WATCH
Here is why African governments will need to adopt adaptive security
By Michael Brown, VP Analyst at Gartner
Data security has become a major concern for every organisation, especially for government agencies. Government CIOs must adapt to the new threats and familiarise themselves with the concept of adaptive security in order to better protect their agencies. Adaptive security is a powerful approach that government CIOs can use to protect their critical assets from cyber threats.
Government agencies are among the top targets for cyberattacks. Cyberattacks on government institutions at national, regional, and local levels are a global condition.
Historically, government organisations addressed cybersecurity in terms of compliance with volumes of written artifacts that are periodically reviewed and updated. This is changing with risk management frameworks that require continuous monitoring and ongoing or even continuous authorisation.
Government CIOs are today attempting to shift from compliance-based to risk-based approaches as the complexity of threats and vulnerabilities increases.
The adaptive security model is one in which cybersecurity tools, techniques, and talent merge to operate more like an autonomic biological immune system and continually adjust to the evolving threat landscape.
Traditional security measures often rely on static protocols that are not always effective against emerging cyber risks. Adaptive security takes a different approach by continuously monitoring the system for threats and adapting its defences accordingly. An adaptive security approach must address risk not only from IT vectors, but also across other domains, such as supply chains and cyber-physical systems. By adopting an adaptive security strategy, government CIOs can ensure their systems remain secure even in the face of constantly evolving cyber risks.
Government CIOs and cybersecurity teams must pursue technology refresh and renewal at a pace that may exceed that of other parts of the IT enterprise. In this accelerated refresh cycle, government CIOs must be mindful of their capacity to execute effectively and justify it in risk terms that the business will understand.
Government agencies face evolving threats, rapid advances in tools, updated compliance frameworks and updated strategies, cumulatively pressuring them to evaluate their cybersecurity capabilities and embrace adaptive security.
to better protect and manage data. Organisations can implement robust data management and data protection strategies to suit their specific business and industry needs, as well as improve business resilience and data compliance. They can also manage risk across hybrid teams in a cloud environment and build a resilient business strategy. Some tips are:
Raise awareness
Highlight where the biggest risks lie and flag the importance of behaviour change in addressing the information security challenge. Companies have a critical role to play in providing the tools, training, and support to help people recognise and avoid risks, while also updating policies to ensure maximum understanding of, and accountability for, risk management.
Risk-aware culture
An organisation's ability to fend off breaches needs to be built into every business process and policy. That starts with shifting the whole organisational mindset around risk management: every employee needs to know that it is a fundamental responsibility. To help them, it is critical to reshape information management policies so that they are well-articulated and apply to office, hybrid, and remote workers, as well as vendors and contractors.
Physical traces
It is also vital to create a digital and physical archive for data, have a robust programme to dispose of physical documents and IT equipment when it is no longer in use, and ensure full chain of custody throughout all collection, transportation, digitisation, and disposition processes. Make sure workflows are built to manage risk, streamline processes to support employees and champion a supportive culture by making training more relevant and engaging.
3-2-1-1-0 data protection
That means three copies of data on two different media with one copy stored offsite, one stored offline and a no-errors back-up. A 3-2-1-1-0 back-up strategy reduces the impact of a single point of failure, such as a device being stolen or lost, or drive failure.
password across multiple platforms, with 23% keeping their password on a note on their desk, 37% use public Wi-Fi to do work, and only 34% see the value in shredding documents. More clearly needs to be done
Information security in a rapidly evolving cloud computing environment is complex – but with the right strategies, processes, policies and partners, business leaders can get the peace of mind that they need.