• Engaging with effective governance

      Giving South African municipalities access to the tools and technologies it needs to thrive, was the driving force behind BCX SOLAR. Giving South African municipalities access to the tools and technologies it needs to thrive, was the driving force behind BCX SOLAR.

      Mining Sector

      Increase productivity & build a culture of innovation

      Financial Sector

      Meet the challenges of disruption & cyber security

      Healthcare Sector

      Empower your patients & leverage data by deploying customised solutions

      Retail Sector

      Embrace the changing retail landscape & know your customer

      Government Sector

      Use digital transformation to grow the economy & build capacity

      Industries Overview >

    • Cloud
      Reimagine success

      Accelerate your business ambitions with cloud computing solutions from BCX.

      Digital Innovation Awards

      BCX Digital Innovation Awards

      Cloud

      Computing for today & the future

      Digital Transformation

      Intelligent systems upgrading

      Analytics

      Data that works for you

      Applications

      Tools to streamline operations

      Services

      Strategies for efficient ICT
      Healthcare Solutions

      Healthcare Solutions

      Applications for healthcare
      BCX ERP Solutions

      SOLAR ERP Solutions

      Connect, integrate, and optimise

      Security

      Protection for your critical systems

      Devices

      Processes & network foundations

      Connectivity

      Connections within & without

      Partners

      Partnerships moving business forward
      BCX HR and Payroll

      HR and Payroll Solutions

      Everything to manage people & payroll

      Solutions Overview >

    • Our Offices
      BCX Head Office
      1021 Lenchen Avenue North
      Centurion, Gauteng
      South Africa
      0157
      Botswana

      Botswana

      Mozambique

      Mozambique

      Namibia

      Namibia

      Zambia

      Zambia

      UK

      United Kingdom

      Our Global Footprint Overview >

    • Speak To An Expert
      We'll need just a few details from you, and one of our specialists will be in touch as soon as possible.
      BCX HEAD OFFICE

      Employee Entrance:

      1021 Lenchen Avenue North
      Centurion
      Gauteng
      South Africa
      0157

      Visitors Entrance:

      1266 South Road
      Centurion
      Gauteng
      South Africa
      0157
Home > How CISOs can start addressing the technology fragmentation challenge

How CISOs can start addressing the technology fragmentation challenge

22 June, 2022
Technology fragmentation is a challenge facing almost every business. The problem occurs for a number of reasons. There are legacy systems that are critical, but have reached end of life and are no longer patched or supported, posing a massive security risk. Then there are custom systems built by an employee who has subsequently left, leaving the system without a champion. There’s also shadow IT – those systems and solutions deployed by individuals or business units independently of the IT department.

By Wayne Olsen, Managing Executive: Cyber Security, BCX

The speed of digitalisation has meant businesses have had to migrate workloads to the cloud without necessarily considering the security ramifications. Segmentation in the business as a whole has led to fragmentation at an operating system or desktop level, as organisations have acquired tools to meet the needs of people in different roles. Often, they’ve oversubscribed to multiple tools doing similar things, which inflates the cost.

From a security perspective, having multiple tools means you don’t have overall visibility. This is particularly relevant when breaches occur. The chief security officer’s greatest challenge is getting to the root cause of any breach specifically because businesses use multiple, disparate systems.

The longer it takes for the CISO to find the cause of a breach, the longer hackers have to move around in your systems. IBM’s Cost of a Data Breach 2021 report found that it takes an average of 287 days to identify and contain a breach – that’s roughly nine months. The majority of that time, the hacker is inside the organisation, undetected. While the security team is trying to figure out how they got in and what they have done, they move sideways. This opens up the business to double extortion – hackers threaten to reveal that they have been breached, as well as threatening to reveal confidential information if they’re not paid a ransom for it.

Consolidating spend – and vendors

More mature organisations have embarked on drives to consolidate their spend to a single vendor’s technology. The costs saved can be used to train people to specialise in the technology. The real-time visibility this gives them makes their security postures much stronger.

Multiple streams of information flow into organisations daily, and the rate is only growing. From the web and email, to sharing platforms and chat programs – attackers have multiple platforms to get in. Having disparate software security tools deployed across a business means you’re effectively deploying a security company for your email security, a different company for chat and another security provider for your firewall. They don’t talk to each other and they all talk individually to you. You need a security partner on the backend with a control room that has a single view and real-time visibility into all of these streams and that can act immediately in cases of a breach, in concert with your internal teams.

Advanced security teams are taking this one step further to proactive response or pre-breach analysis. For example, the electric fence keeps going off and our cameras are picking up a red car at roughly the same time. Coincidence? Unlikely. Security teams are using indicators from operational and security systems across the organisation to detect possible compromises and pre-empt breaches.

Most people don’t really understand how many different systems they’re touching in the course of executing their duties, and that each is a potential point of entry for an attacker.

Communication is key

CISOs looking to address this issue need to start by communicating more effectively and engaging more with the business. For the first time, CISOs are being invited to sit at the table with the rest of the C-Suite. They need to take the tech jargon out of the conversation and start speaking plainly about the implications of security breaches – financial and reputational – and system downtime. They need to start measuring risks and evaluating what needs to be spent where to deliver the optimal result given the business’s goals and objectives.

CISOs have a big responsibility. In larger organisations, this is a mammoth task. They need to upgrade systems, networks, infrastructure, manage innovation and service delivery, and ensure security starts being baked into all of this from scratch. If they’re to do this effectively, they need CEOs to understand what is happening in their environments and why it’s important. CISOs need to step up and be heard more clearly to make the business understand the risks of the digital journey on which we have all embarked.

Share

SPEAK TO AN EXPERT

 We'll just need a few details from you, and one of our specialists will be in touch.

Consent
Please read our Privacy Statement & Consent Clause to understand what happens to your personal information.

RELATED POSTS