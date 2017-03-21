In the run-up to last fall’s U.S. elections, hackers made headlines after they stole thousands of emails from the inbox of John Podesta, who chaired Hillary Clinton's presidential campaign.

But from a cybersecurity vantage point, this was really old news. Away from the glare of Washington D.C., attackers have long been busy deploying phishing emails, social engineering, and other schemes to penetrate enterprise security and steal employees’ credentials, such as passwords and user names.

While these types of attacks may fail to generate major headlines, they occur with regularity. Email, in fact, remains a favorite tool used by hackers to attack corporate networks. In an average month, about three-quarters of the more than 21 billion emails transmitted to organizations across the AT&T network are flagged as suspicious and blocked from reaching their destination, according to The CEO’s Guide to Data Security from AT&T. That is equivalent to more than 400 million spam messages on its network each day.

Flexibility to meet morphing threats

The onus falls to enterprise security experts to devise effective counter strategies that are as innovative as their companies’ business strategies.

Not only are cyberthreats increasingly pervasive but security practitioners must be at the top of their game, matching wits with a cohort of smart, organized cybercriminals who also value innovation as much as do traditional businesses.

Organizations face morphing security challenges that require innovative practices to combat ever-changing threats to data. Many of today’s cyberchallenges did not even exist until only a few years ago. That means the security strategy must be flexible enough to adapt to constant shifts in the threat landscape in what’s essentially an ongoing battle of attrition.

For example, static security perimeters no longer answer current needs. We inhabit a different computing era with data now scattered across mobile laptops, tablets, smartphones, and increasingly, IoT devices and the cloud. Security is a lot more complicated than when IT’s focus was on protecting information stored in on-site data centers.

For the cloud, organizations now have to defend against potential security risks associated with the growing use of third-party cloud storage services. In their report, AT&T states that the average company uses 49 file-sharing services alone, accounting for 39% of all company data uploaded to the cloud. At the same time, more than one in five documents uploaded to file-sharing services contain some sensitive data. But it also turns out that fewer than 10% of enterprises encrypt data when it’s at rest in the cloud — making it vulnerable to attackers. That’s got to change.

In the end, cybersecurity innovation features a blend of theory and practice. If done right, the result is a multilayered, proactive approach that protects all the components in the digital ecosystem, regardless whether the information resides on a smartphone, an IoT device, a server behind the corporate firewall, or in transit to or from the cloud.