Every business relies on electronic information infrastructure to conduct its operations. This dependence presents both opportunities for collaboration and innovation and risks of cyberattack and information loss.
While technologies that support data development, collection and sharing have advanced exponentially, so have the capabilities and sophistication of our cyber-adversaries. In this complex, dynamic environment, a CIO must advance enterprise IT systems while protecting company information.
Although cyber-attack types and frequency are ever-evolving, most assaults remain internet-based, either through email or compromised or malicious websites. In addition to these standard threats, new cyber-risks include the integration of operational technology into standard IT networks and a growing acknowledgment of supply chain risk.
Embedded operational technologies—hardware and software that gather and deliver analytical data about existing enterprise IT tools and processes—are proving increasingly valuable to our IT environments. Their increased use, along with a greater overlap in historically closed industrial and private IT systems, means new security concerns are on the rise.
Gartner, Inc., a global research and advisory firm, predicts there will be about 1.7 billion new devices per year attaching to the enterprise network by 2023. Future operational technologies will have differing provisioning, security, monitoring and management requirements. A CIO must develop a plan to manage these new devices and maintain IT environmental integrity.
Multiple points of intersection across the enterprise infrastructure make an “Internet of Things” network strategy a daunting task for CIOs. Integrating and securing these devices will rely on some of the same principles that have already been defined for your current IT environment.
This integration of information technology and operational technology (IT/OT) relies on a complex, globally distributed and interconnected supply chain system. This supply chain system contains numerous hardware and software components from multiple vendors, so globalization of components increases the risk of supply chain compromise.
Cyber Supply Chain Risk Management—the process of identifying, assessing, and mitigating the risks associated with product supply chains—covers the entire lifecycle of a product or system (from conception to decommissioning).