Being able to retain customer trust has never been more important — or more difficult — following the events of 2020. With so much disarray and widespread changes to working patterns, such as the mass migration to remote working, the job of keeping businesses secure has never been more difficult.
Between more sophisticated cybercriminals and immense pressure to ensure governance on compliance, 2021 is already shaping up to be a minefield. And as such, cybersecurity has risen to the top of most organisations’ agendas.
So, as we have entered what promises to be a complicated year, here are three cybersecurity resolutions every business should consider this year.
1. Watch out – Dark Clouds are on the horizon
Businesses haven’t been the only ones accelerating their digital transformation this year — cybercriminals have been hard at it too.
There has been a sharp rise in ‘Dark Clouds’ as cybercriminals have migrated to the cloud, often for the same reasons businesses have — cloud allows them to avoid big up-front capital expenses, pay monthly for their shady businesses and scale up only when they need to. Coupled with the ability to access information from anywhere, it’s no wonder we’re seeing cybercriminals innovate.
This ranges from cloud-based caches filled with stolen user data such as email addresses and authentication credentials, to personally identifiable information (PII) such as scans of passports, driver’s licenses and bank statements.
Data exfiltration has become so valuable it’s now the backbone of all cyberattacks. And it may only take one breach to ruin your reputation and relationship with your customers.
That’s why not having an effective cybersecurity program in place puts your business continuity at risk. Because, this year, you’re either going to be one of those proactive organisations aggressively looking to strengthen your systems ahead of time, or the other type of business not doing that – and becoming more vulnerable with every passing day.
2. Team up – cybersecurity has turned personal
Between collaborating cybercriminals, the upwards trajectory of data growth and the distributed workforce, the risk factor for every business is accelerating.
This is one reason why we expect to see most businesses increase their general IT spending by around 5-10% this year, despite the economic impact of the pandemic. And we expect most of that allocation to go towards IT security. We have already seen how cyberattacks are on the rise in South Africa, with news reports of high-profile data breaches of several financial institutions.
But even with these investments, it won’t be enough to cover all the potential threat vectors. So, businesses will still be forced to place strategic bets across their people, processes and technology in the hope of covering their weakest points.
For example, will you invest in the education of employees (after all, people are always going to be the biggest weakness), or put that money into optimising and securing processes by investing in a security operations centre (SOC)? Or, will new technology be the most effective investment?
It’s impossible for every business to get this mix perfectly right, so business leaders need to also strategise how best to avoid cyberattacks. Too often, businesses expect their security team to handle this. But most of the time, this leads to an over-reliance on IT professionals who are already stretched thin by constantly putting out fires. They don’t also have the time to develop this strategy.
That’s why making sure every member of the company plays a part in the cybersecurity challenge is key, especially now that working from home is proving to be a permanent culture under lockdown restrictions. For example, while employees may be a business’ biggest weakness, they also form the ‘human firewall’ and need to be equipped to do just that — which takes education.
But don’t let the collaboration end there — your entire ecosystem of peer-like organisations, experts, suppliers, vendors and even the government should be aligned and geared towards combating this threat.
Cybercriminals are already working together on a large scale, sharing information about critical vulnerabilities, breached systems and targets extremely fast.
So, don’t fight alone; work with contacts at the South African Police Services (SAPS) Electronic Crime Unit (ECU), which has a National Cybercrime Task Team, or the Cybersecurity Hub, which is South Africa’s National Computer Security Incident Response Team, introduced in 2012 by the Department of Telecommunications and Postal Services (DTPS), to help figure out how best to utilise risk management models and resiliency plans.
When you follow government regulations such as those set out in the Electronic Communications and Transactions Act and are compliant with the Protection of Personal Information Act (POPIA), the increased alignment and information sharing between the government and private organisations will help speed up the identification of threats and lead to faster resolutions.
3. Gear up – look to hybrid security and intelligent backup to stay ahead
Technology is always going to be the heart of your cybersecurity fight, but no one product is going to maximise your cybersecurity state — you need to invest in your desired outcome. To do that, organisations need to look for software-defined models integrated with external services — a hybrid security approach.
This includes cloud-based software such as PenTesting-as-a-Service (PtaaS), Scanning-as-a-Service (ScaaS), Network Defense-as-a-Service (NDaaS), Disaster Recovery-as-a-Service (DRaaS) and Backup-as-a-Service (BaaS).
A hybrid security approach which has your internal security teams connected to external cybersecurity experts and law enforcement will keep you the most secure, while also helping raise the experience level of your security teams.
Conversely, backup should play a bigger role within organisations. It not only gives organisations the ability to restore and forensically analyse data in the event of a breach, but in a world that’s becoming more critically reliant on ballooning data stores to improve customer experience, backup can help make better use of that data.
We’re already seeing some organisations combine application owners, backup, analytics and security teams in a new (virtual) data management team. This way, they can tackle the challenges around exposed data, service level expectation and risk growth in the most beneficial and economical way.
Ultimately, for businesses to really keep up with their growing data and continue to derive useful insights from it, they will need to invest in tools powered by Machine Learning (ML) and Artificial Intelligence (AI) to speed up data extraction and analysis processes.
As these technologies are significant weapons in cybersecurity as well as aids to data-driven decision-making, their adoption is expected to grow at a rapid pace and will add tremendous intelligence and power to the fight.
At its crux, the takeaway here is that in getting prepared for the cyberthreats of 2021, you will also be putting your business ahead of competitors and boosting your productivity. So, don’t just choose a supplier or buy a new product — build an ecosystem that will stand by your side when the cybersecurity battle starts to heat up.