Ways to fortify your security strategy
Digital transformation presents a strong opportunity to harness the power of data. However, it brings certain challenges to the fore including an organisation’s ability to be secure and resilient.
A case in point is the new operating model of hyper-distributed environments. If not properly secured, these environments can open up an abundance of fresh attack surfaces and vulnerabilities.
According to The State of Cybersecurity in South Africa, a study conducted by World Wide Worx with the support of Dell Technologies South Africa and Intel, 42% of businesses reported that ransomware and phishing attempts have increased in the past year.
Cybercriminals continue to evolve their ability to exploit vulnerabilities as they emerge. As more data and workloads go digital, the surface area for attack increases. Also, as more systems rely on complex and integrated supply chains, they become more easily accessible targets. Understandably, we are seeing more investment in advanced threat prevention technology.
According to a recent Gartner report, global information security and risk management end user spending will reach around US$168-billion in 2022, up over US$13-billion from 2021.
Now is the time to address security, risk and compliance gaps before they grow any wider.
Security obstacles within organisations
The alarming truth is that most organisations remain under-prepared. The World Wide Worx study showed that 99% of corporates are aware that disaster management is essential. However, only 40% of businesses use multiple solutions to protect, back up and replicate their data in the event of disaster.
Against this backdrop, it’s critical to call out four broad security obstacles within organisations.
First, there is a misconception that only certain sized businesses or industries are targeted for cyber-attacks. Organisations overlook their security planning and only focus on preventing an attack. Although it is important to be resilient to such attacks, organisations must operate with the assumption that an attack is just a matter of time, in spite of the best defences possible, and have a rapid recovery strategy in place.
Second, as organisations hasten their pace of digital transformation, many of them make rapid technology changes without considering the security implications. In this data era, security transformation must accompany digital transformation.
Third, security applications have long been bolted on and some have been an afterthought when creating new technologies. Often, security integration is not considered until after applications and processes have been developed, and then the framework is adapted to fit over existing operations as best it can.
Fourth, security is far too siloed – that is, it is defined within the confines of different development teams, each building to their narrow functional lens, so it doesn’t play well across an organisation. Security has to be purpose-built to detect and mitigate threats, and be aligned with overall business objectives.
Fortifying your security strategy
Securing data, applications and devices calls for a more mature approach that leverages innovative technologies for scale and intelligence, aligns around the business rather than the threats, is proactive in recovery planning, and defends the organisation as a whole rather than in silos. To protect against and be resilient in the face of cyber threats, we recommend organisations consider three fundamentals.
1/ Protect data and systems
The first step in fortifying with modern security is to rethink how you protect data and systems. It starts with trusted infrastructure that takes an intrinsic security approach. This means the infrastructure is secure by design and doesn’t introduce risk into your environment.
Security must be built-in. To the extent possible, it should evolve from using security applications as patches and instead be designed to be native to the architecture it’s going to protect. It should make use of devices, firmware and processes intrinsically engineered for security from the start.
2/ Enhance cyber resilience
In a cyber-resilient mindset, the focus shifts from defending against an attack to being resilient in the face of a cyber-attack. This ensures minimal disruption and loss. It’s important to note that resiliency is not a technology; it is a strategy, or better yet, an outcome. Think of it as a ‘ready state’ for withstanding attacks that culminates from planning, technology and discipline so that an organisation knows exactly how they’re going to act when a breach is discovered.
Therefore, threat mitigation and resiliency planning need to be defined and prioritised in alignment with key business operations and services. Business continuity planning must evolve beyond solving for traditional disasters and ensure collaboration with IT teams and business stakeholders. Being cyber resilient is about focusing on what’s really important to your organisation and the services you provide to the market you serve.
3/ Overcome security complexity
The final step in fortifying with modern security is to overcome security complexity. Digital transformation demands that we supplant manually intensive practices with automation and insights that drive better business results. Accelerated digital transformation coupled with pandemic-driven labour shortages make this an ideal time to consolidate security tools and turn to automation, intelligence and consolidation to enable scale.
Researcher ESG estimates the annual cost of data loss to be 4X for companies struggling with these inefficiencies by using too many providers.
Where possible, consolidating tools from a select number of providers simplifies your overall environment and enables more consistent governance, more predictable behaviour, and more effective threat detection and mitigation.
In closing, modern security is built-in, unified and context driven. Building a robust security posture not only protects operations but also helps drive business outcomes.
Therefore, organisations will benefit from modernising their approach to cybersecurity and resilience. This, in turn, will allow them to effectively address risks and accelerate innovation.