Being able to retain customer trust has never been more important – or more difficult – following the events of 2020. With so much disarray and widespread changes to working patterns, such as the mass migration to remote working, the job of keeping businesses secure has never been more difficult
Between more sophisticated cybercriminals and immense pressure to ensure governance on compliance, 2021 is already shaping up to be a minefield. And as such, cybersecurity has risen to the top of most organisations’ agendas.
Three cybersecurity resolutions
So, as we have entered what promises to be a complicated year, here are three cybersecurity resolutions every business should consider this year.
Watch out − Dark Clouds are on the horizon
Businesses have not been the only ones accelerating their digital transformation this year – cybercriminals have been hard at it too.
There has been a sharp rise in ‘Dark Clouds’ as cybercriminals have migrated to the cloud, often for the same reasons businesses have – the cloud allows them to avoid big up-front capital expenses, pay monthly for their shady businesses and scale up only when they need to. Coupled with the ability to access information from anywhere, it’s no wonder we’re seeing cybercriminals innovate.
This ranges from cloud-based caches filled with stolen user data such as email addresses and authentication credentials to personal identifiable information (PII) such as scans of passports, driver’s licences, and bank statements.
Data exfiltration has become so valuable that it is now the backbone of all cyberattacks. And it may only take one breach to ruin your reputation and relationship with your customers.
That is why not having an effective cybersecurity programme in place puts your business continuity at risk. Because, this year, you are either going to be one of those proactive organisations aggressively looking to strengthen your systems ahead of time, or the other type of business not doing that – and becoming more vulnerable with every passing day.
Team up – cybersecurity has turned personal
Between collaborating cybercriminals, the upwards trajectory of data growth and the distributed workforce, the risk factor for every business is accelerating.
This is one reason why we expect to see most businesses increase their general IT spending by around 5−10% this year, despite the economic impact of the pandemic. And we expect most of that allocation to go towards IT security. We have already seen how cyberattacks are on the rise in South Africa with news reports of high-profile data breaches of several financial institutions.
But even these investments, it will not be enough to cover all the potential threat vectors. So, businesses will still be forced to place strategic bets across their people, processes and technology in the hope of covering their weakest points.
For example, will you invest in the education of employees (after all, people are always going to be the biggest weakness), or put that money into optimising and securing processes by investing in a security operations centre (SOC)? Or will new technology be the most effective investment?
It’s impossible for every business to get this mix perfectly right, so business leaders need to also strategise how best to avoid cyberattacks. Too often, businesses expect their security team to handle this. But most of the time, this leads to an over-reliance on IT professionals who are already stretched thin by constantly putting out fires. They also don’t have the time to develop this strategy.
That is why making sure every member of the company plays in the cybersecurity challenge is key, especially now that working from home is proving to become a permanent culture with lockdown restrictions. For example, while employees may be a business’ biggest weakness, they also form the ‘human firewall’ and need to be equipped to do just that – which takes education.
But don’t let the collaboration end there – your entire ecosystem of peer-like organisations, experts, suppliers, vendors and even the government should be aligned and geared towards combating this threat.
Cybercriminals are already working together on a large scale, sharing information about critical vulnerabilities, breached systems and targets extremely fast. So, don’t fight alone; work with contacts at SAPS’s Electronic Crime Unit (ECU), which has a national cybercrime task team, or the Cybersecurity Hub, which is South Africa’s national computer security incident response team introduced in 2012 by the Department of Telecommunications and Postal Services (DTPS) to help figure out how to best utilise risk management models and resiliency plans.
By ensuring you follow government regulations such as those set out in the Electronic Communications and Transactions Act and are compliant with the Protection of Personal Information Act (POPIA), the increased alignment and information-sharing between the government and private organisations will help speed up the identification of threats and lead to faster resolutions.
Gear up – look to hybrid security and intelligent backup to stay ahead
Technology is always going to be the heart of your cybersecurity fight, but no one product is going to maximise your cybersecurity state – you need to invest in your desired outcome. To do that, organisations need to look for software-defined models integrated with external services – a hybrid security approach.
This includes cloud-based software such as PenTesting-as-a-Service (PtaaS), Scanning-as-a-Service (ScaaS), Network Defense-as-a-Service (NDaaS), Disaster Recovery-as-a-Service (DRaaS) and Backup-as-a-Service (BaaS).
A hybrid security approach that has your internal security teams connected to external cybersecurity experts and law enforcement will keep you the most secure while also helping to raise the experience level of your security teams.
Conversely, backup should play a bigger role in organisations. It not only gives organisations the ability to restore and analyse data forensically in the event of a breach, but in a world that’s becoming more critically reliant on ballooning data stores to improve customer experience, backup can help to utilise it better.
We’re already seeing some organisations combine application owners, backup, analytics and security teams in a new (virtual) data management team. This way, they can tackle the challenges around exposed data, service level expectation and risk growth in the most beneficial and economical way.
Ultimately, for businesses to keep up with their growing data and continue to derive useful insights from it, they will need to invest in tools powered by machine learning (ML) and artificial intelligence (AI) to speed up data extraction and analysis processes. As these technologies are also significant weapons in cybersecurity as well as aiding in data-driven decision-making, their adoption is expected to grow at a rapid pace and will add tremendous intelligence and power to the fight.
At its crux, the takeaway here is that in getting prepared for the cyber threats of 2021, you will also be putting your business ahead of competitors’ and boost your productivity.
So, don’t just choose a supplier or buy a new product – build an ecosystem that will stand by your side when the cybersecurity battle starts to heat up.
Edwin Weijdema, Global Technologist, Product Strategy at Veeam