NEW ORLEANS — One of the biggest threats cable operators face today — if not the biggest — is the risk related to cybersecurity, both internal and external.
But hidden in that threat, optimists in the cable industry believe, is a potentially lucrative opportunity as business and residential customers seek answers on how to come to grips with their unique security-related issues.
Both sides of that coin were the focus of John N. Stewart (pictured), the senior vice president and chief security and trust officer at Cisco Systems, who keynoted Tuesday’s Cybersecurity Symposium here.
Operators today are focused largely on ensuring that the networks they build work as advertised, Stewart noted, saying the “next step will be the protect side,” which is becoming increasingly important as more and more of the business becomes digitized.
He also cited some troubling survey data from PricewaterhouseCoopers that indicates just how big of an issue cybersecurity has become — about 90% of “large” organizations suffered a security breach, 50% of the worst breaches were caused by inadvertent human error, and 69% of large organizations were attacked by an unauthorized outsider.
Another problem is that most companies aren’t aware that they are under attack when it happens. Stewart said that 269 days is the average “time-to-detection” rate for many businesses.
“I would call that not winning,” he said, later citing a study showing that 50% of CEOs of companies with at least $500 million in revenues in 10 major economies said they were not prepared for a “major cyber event.”
But protecting those assets is a challenge, in part because the cybersecurity market is fragmented with suppliers and vendors, Stewart said. There are literally dozens of security technology suppliers helping to protect individual companies, he noted.
“There’s something wrong with that,” he said.
Amid all of this, the world is becoming increasingly connected as the so-called Internet of Things continues to blossom. The world is home to 13 billion connected devices today, and that number is expected to rise to 50 billion by 2020, Stewart said.
And there’s also a dearth of cybersecurity expertise, Stewart added, estimating that more than 1 million security pros are needed in the workforce worldwide.
“One million people don’t get built and trained by next year,” he said. “It’s a long-term problem.”
But there’s an opportunity woven into these challenges: “You can become the security system of your customer,” he said.
Still, making cybersecurity a major priority in every facet of the business will require some shifts in a company’s capabilities and culture. In addition to creating an information security team, security must also be embedded in a company’s IT infrastructure and in every corner of the business.
“It will differentiate your business over time,” Stewart stressed.
But getting to that point requires buy-in from the highest levels of the company, so Stewart challenged engineers to engage with senior leadership on the issue.
While that could help operators protect themselves from internal and external threats, Stewart also issued his final challenge to the industry: “Become the protection arm for your customers.”
In addition to helping to keep hackers off the network, it could also become a revenue stream, as Stewart suggested that some customers would be willing to pay $4 to $5 per month extra for help fending off cyber threats.