Being able to retain customer trust has never been more important — or more difficult — following the events of 2020. With so much disarray and widespread changes to working patterns, such as the mass migration to remote working, the job of keeping businesses secure has never been more difficult.
Between more sophisticated cybercriminals and immense pressure to ensure governance on compliance, 2021 is already shaping up to be a minefield. And as such, cybersecurity has risen to the top of most organisations’ agendas.
So, as we have entered what promises to be a complicated year, here are three cybersecurity resolutions every business should consider this year.
1. Watch out – Dark Clouds are on the horizon
Businesses haven’t been the only ones accelerating their digital transformation this year — cybercriminals have been hard at it too.
There has been a sharp rise in ‘Dark Clouds’ as cybercriminals have migrated to the cloud, often for the same reasons businesses have — cloud allows them to avoid big up-front capital expenses, pay monthly for their shady businesses and scale up only when they need to. Coupled with the ability to access information from anywhere, it’s no wonder we’re seeing cybercriminals innovate.
This ranges from cloud-based caches filled with stolen user data such as email addresses and authentication credentials, to personal identifiable information (PII) such as scans of passports, driver’s licenses and bank statements.
Data exfiltration has become so valuable it’s now the backbone of all cyberattacks. And it may only take one breach to ruin your reputation and relationship with your customers.
That’s why not having an effective cybersecurity program in place puts your business continuity at risk. Because, this year, you’re either going to be one of those proactive organisations aggressively looking to strengthen your systems ahead of time, or the other type of business not doing that – and becoming more vulnerable with every passing day.
2. Team up – cybersecurity has turned personal
Between collaborating cybercriminals, the upwards trajectory of data growth and the distributed workforce, the risk factor for every business is accelerating.
This is one reason why we expect to see most businesses increase their general IT spending by around 5-10% this year, despite the economic impact of the pandemic. And we expect most of that allocation to go towards IT security. We have already seen how cyberattacks are on the rise in South Africa with news reports of high profile data breaches of several financial institutions.
But even with these investments, it won’t be enough to cover all the potential threat vectors. So, businesses will still be forced to place strategic bets across their people, processes and technology in the hope of covering their weakest points.
For example, will you invest in the education of employees (after all, people are always going to be the biggest weakness), or put that money into optimising and securing processes by investing in a security operations centre (SOC)? Or, will new technology be the most effective investment?
It’s impossible for every business to get this mix perfectly right, so business leaders need to also strategise how best to avoid cyberattacks. Too often, businesses expect their security team to handle this. But most of the time, this leads to an over-reliance on IT professionals who are already stretched thin by constantly putting out fires. They don’t also have the time to develop this strategy.
That’s why making sure every member of the company plays in the cybersecurity challenge is key, especially now that working from home is proving to become a permanent culture with lockdown restrictions. For example, while employees may be a business’ biggest weakness, they also form the ‘human firewall’ and need to be equipped to do just that — which takes education.
But don’t let the collaboration end there — your entire ecosystem of peer-like organisations, experts, suppliers, vendors and even the government should be aligned and geared towards combating this threat.
Cybercriminals are already working together on a large scale, sharing information about critical vulnerabilities, breached systems and targets extremely fast.
So, don’t fight alone; work with contacts at the South African Police Services (SAPS) Electronic Crime Unit (ECU), which has a National Cybercrime Task Team or the Cybersecurity Hub, which is South Africa’s National Computer Security Incident Response Team introduced in 2012 by the Department of Telecommunications and Postal Services (DTPS) to help figure out how to best utilise risk management models and resiliency plans.
By ensuring you follow government regulations such as those set out in the Electronic Communications and Transactions Act and are compliant with the Protection of Personal Information Act (POPIA), the increased alignment and information sharing between the government and private organisations will help speed up the identification of threats and lead to faster resolutions.
3. Gear up – look to hybrid security and intelligent backup to stay ahead
Technology is always going to be the heart of your cybersecurity fight, but no one product is going to maximize your cybersecurity state — you need to invest in your desired outcome. To do that, organisations need to look for software-defined models integrated with external services — a hybrid security approach.
This includes cloud-based software such as PenTesting-as-a-Service (PtaaS), Scanning-as-a-Service (ScaaS), Network Defense-as-a-Service (NDaaS), Disaster Recovery-as-a-Service (DRaaS) and Backup-as-a-Service (BaaS).
A hybrid security approach which has your internal security teams connected to external cybersecurity experts and law enforcement will keep you the most secure, while also helping raise the experience level of your security teams.
Conversely, backup should play a bigger role within organisations. It not only gives organisations the ability to restore and forensically analyse data in the event of a breach, but in a world that’s becoming more critically reliant on ballooning data stores to improve customer experience, backup can help better utilise it.
We’re already seeing some organisations combine application owners, backup, analytics and security teams in a new (virtual) data management team. This way, they can tackle the challenges around exposed data, service level expectation and risk growth in the most beneficial and economical way.
Ultimately, for businesses to really keep up with their growing data and continue to derive useful insights from it, they will need to invest in tools powered by Machine Learning (ML) and Artificial Intelligence (AI) to speed up data extraction and analysis processes.
As these technologies are also significant weapons in cybersecurity as well as aiding in data-driven decision-making, their adoption is expected to grow at a rapid pace and will add tremendous intelligence and power to the fight.
At its crux, the takeaway here is that in getting prepared for the cyberthreats of 2021, you will also be putting your business ahead of competitors and boost your productivity. So, don’t just choose a supplier or buy a new product — build an ecosystem that will stand by your side when the cybersecurity battle starts to heat up.