With the cyber threat landscape complicated by laggard regulatory pressures and cyber complacence, it is time to go back to basics.
Digital transformation presents a strong opportunity to harness the power of data. However, it brings certain challenges to the fore including an organization’s ability to be secure and resilient.
A case in point is the new operating model of hyper-distributed environments. If not properly secured, these environments can open up an abundance of fresh attack surfaces and vulnerabilities. In a recent survey by ESG, 79% of companies globally have experienced a ransomware attack over the past year.
Cybercriminals continue to evolve their ability to exploit vulnerabilities as they emerge. Moreover, cybercriminals are becoming increasingly organized and their threats are more sophisticated. As more data and workloads go digital, the surface area for attack increases. Also, as more systems rely on complex and integrated supply chains, they become more easily accessible targets. Understandably, we are seeing more investment in advanced threat prevention technology.
A recent Gartner report estimates global information security and risk management end user spending will reach around $168 billion in 2022, up over $13 billion from 2021.
According to IDC’s 2022 FutureScape ‘Top 10 Predictions for the Future of Digital Infrastructure’, organizations must double down on efforts to ensure cyber-attack recovery, robust and reliable backup, consistent application performance, ongoing infrastructure sustainability, and supply chain integrity over the next 1-2 years.
Now is the time to address security, risk, and compliance gaps before they grow any wider.
Security obstacles within organizations
The alarming truth is that most organizations remain underprepared. Dell’s recent Breakthrough study reveals that 52% of workers admit they have not improved their security after hearing about publicized ransomware attacks. While they may have solid threat mitigation tools for their perimeters; if breached, an attack can traverse the infrastructure causing catastrophic damage.
Against this backdrop, it’s critical to call out four broad security obstacles within organizations:
1. There is a misconception that only businesses or industries of a certain size are targeted for cyber-attacks. Organizations overlook their security planning and only focus on preventing an attack. Although it is important to be resilient to such attacks, organizations must operate with the assumption that an attack is just a matter of time, in spite of the best defenses possible, and have a rapid recovery strategy in place.
2. As organizations hasten their pace of digital transformation, many of them make rapid technology changes without considering the security implications. In this data era, security transformation must accompany digital transformation.
3. Security applications have long been bolted-on and some have been an afterthought when creating new technologies. Often, security integration is not considered until after applications and processes have been developed, and then the framework is adapted to fit over existing operations as best it can.
4. Security is far too siloed – that is, it is defined within the confines of different development teams each building to their narrow functional lens, so it doesn’t play well across an organization. Security has to be purpose-built to detect and mitigate threats but has had little alignment with overall business objectives. This could create a scenario whereby a threat response in one portion of the business – say, an administrative function – could have an adverse effect on a more critical operational function, unnecessarily disrupting the business.
Fortifying your security strategy
Securing data, applications, and devices calls for a more mature approach that leverages innovative technologies for scale and intelligence, aligns around the business rather than the threats, is proactive in recovery planning, and defends the organization as a whole rather than in silos. To protect against and be resilient in the face of today’s advanced cyber threats, we recommend organizations consider three fundamentals to fortify their security posture.
1. Protect data and systems
The first step in fortifying with modern security is to re-think how you protect data and systems. It starts with trusted infrastructure that takes an intrinsic security approach. This means the infrastructure is secure by design and doesn’t introduce risk into your environment.
Security must be built-in. To the extent possible, it should evolve from using security applications as patches and instead be designed to be native to the architecture it’s going to protect. It should make use of devices, firmware, and processes intrinsically engineered for security from the start.
Given the increase in supply chain attacks, consistency is key to business success. Organizations should consider working with a trusted end-to-end provider who delivers secure infrastructure and supported by a culture focused on trust.
2. Enhance cyber resilience
In a cyber-resilient mindset, the focus shifts from defending against an attack to being resilient in the face of a cyber-attack. This ensures minimal disruption and loss. It’s important to note, that resiliency is not a technology; it is a strategy, or better yet, an outcome. Think of it as a “ready state” for withstanding attacks that culminates from planning, technology, and discipline so an organization knows exactly how they’re going to act when a breach is discovered.
Therefore, threat mitigation and resiliency planning need to be defined and prioritized in alignment with key business operations and services. Business continuity planning must evolve beyond solving for traditional disasters and ensure collaboration with IT teams and business stakeholders to gain better context regarding prioritizing critical applications and infrastructure. Being cyber resilient is about focusing on what’s really important to your organization and the services you provide to the market you serve.
3. Overcome security complexity
The final step in fortifying with modern security is to overcome security complexity. Digital transformation demands we supplant manually intensive practices with automation and insights that drive better business results. With accelerated digital transformation coupled with pandemic-driven labor shortages, it’s an ideal time to consolidate security tools and turn to automation, intelligence, and consolidation to enable scale.
Researcher ESG estimates the annual cost of data loss to be 4X for companies struggling with these inefficiencies by using too many providers. Consolidating tools where possible from a select number of providers simplifies your overall environment and enables more consistent governance, more predictable behavior, and more effective threat detection and mitigation.
Modern security is built-in, unified, and context driven. Building a robust security posture not only protects operations but also helps drive business outcomes. Our recent survey points out that resilient organizations are 7.7x more likely to deliver new market offerings to market ahead of the competition as they spend less time responding to disruption.
Therefore, organizations will benefit from modernizing their approach to cybersecurity and resilience. This, in turn, will allow them to effectively address risks and accelerate innovation.