Historically, IT security professionals have focussed on hardening perimeters, locking down company IT equipment and increasing security event reporting as the main ways to reduce risk from IT within the enterprise. As the business paradigm has changed with the advent of online sales, online collaboration, social & business media, BYOD, remote working etc. these conventional methods of protection need augmenting to meet the risk posed by today’s breed of highly sophisticated cyber criminal who also use physical and social vectors to achieve targeted attacks.
In addition to the threats posed from traditional “hackers” we have now witnessed the birth of a multi-faceted, cyber crime ecosystem with paid contractors undertaking specific assignments, leveraging their own particular skill sets. With the additional monetary rewards now available to these individuals and groups from organised crime, foreign state-sponsored actions, commercial competitors and even disgruntled employees and customers, this presents a novel array of risk challenges to all organisations with information assets to protect.