Cybersecurity is a major issue right now. We’re still in frenzy mode and playing catch-up following the pandemic. It’s no secret that cyberattacks are increasing across the board as workforces adapt to remote and hybrid working models, and hackers move to exploit unprotected systems. A distributed workforce and a wider geographic base, coupled with the increased use of personal devices and a growth in cloud adoption, have led to a higher cyber risk than ever before. In turn, organisations have had to scramble to implement or enhance their cybersecurity strategies, resulting in a huge surge in demand for security services.
But looking ahead two years, cybersecurity won’t be the play it is today. Not because the threats will have dissipated but because the IT industry is evolving, and a high level of cybersecurity will be baked into technology going forward. It will also have to be ingrained into people’s mindsets – cybersecurity will be subconscious.
Cybercriminals have been a number of steps ahead at all times, but we are catching up. In order to narrow the gap successfully and get to the stage where cybersecurity is second nature, businesses must now make it an ongoing, but manageable, exercise that is a core element of their overall strategy.
How do we do this? First, we must understand what we’re dealing with. Ransomware is the number one cyberthreat faced by businesses today. Cybercriminals no longer have a desire to break into networks simply for kudos – it’s now a business and it’s about making money, which increases the stakes. Cybercrime has generally been an undercover world. However, ransomware for hire is a growing trend and means that anyone with a relatively good knowledge of IT systems can offer cybercrime as a service.
Daily scams such as phishing also continue to wreak havoc on workforces. Employees are your “human firewall” – the first and last line of defence when it comes to protecting your company networks and data. They need to be treated as such. Engagement and education are crucial here in order to prevent hackers from entering through your organisation’s front door.
Next, we must look at filling the cybersecurity toolbox: we now have the answers to the problems that were exacerbated two years ago, and we need to continue to find solutions to emerging threats. With proactive tools that can monitor expected behaviour and react to unexpected behaviour now becoming the norm, it’s possible that ransomware concerns can eventually become a thing of the past. Additionally, the principle of zero trust (trust no one, always verify) will be key for organisations going forward.
A common misconception that needs to be addressed is that security is cumbersome. There’s a trade-off culture between security and convenience among businesses, and this needs to be reversed. There’s no need to try to reinvent the wheel, but the key is being proactive. Even starting small and with something simple such as multi-factor authentication can make a big difference.
Cloud is no longer a buzzword and has become a cornerstone for businesses. It minimises risk and enables better security, while ensuring visibility and compliance. Cloud is also a more energy-efficient and sustainable option, with cloud storage in data centres using less energy than on-premise storage in an office. Similarly, we used to rely on traditional copper wires but the rollout of fibre lines across the country means more reliable connectivity and more options.
Bigger fish
What will cyberthreats look like in two years?
Traditionally, attacks have been focused on organisations that hackers see as easy prey. Looking to the future, these threats might take a different angle. Attackers are likely to look for bigger fish that allow maximum impact and yield the maximum return, and the focus could shift to targets such as governments.
However, that doesn’t mean cybersecurity should be overlooked by smaller organisations. The threat of cyberattacks will always be there and breaches will likely occur, but with the right buy-in, education, and tools, the level of impact on businesses can be controlled.
Though the risk level may remain the same, the response of businesses will have changed. Organisations need to embed network and cloud security from the ground up and commit to monitoring, reviewing, and maintaining a level of security at all times, across the board, through every channel. They must also be willing to evolve and adapt their infrastructure in line with changing threat landscapes and weigh up the potential cost of a cyberattack versus IT investment if budgets are a concern.
According to Gartner’s 2022 Board of Directors Survey, 88 per cent of board members classified cybersecurity as a business risk. This is promising as it shows that both the awareness and appetite to address the issue are there. Furthermore, Gartner expects that by 2023, three-quarters of organisations will restructure risk and security governance to address the widespread adoption of advanced technologies, an increase from less than 15 per cent today.
The pandemic was undoubtedly a wake-up call for many and highlighted what was a rapidly growing problem. But when the frenzy falls away, cybersecurity will not only be ingrained in IT, it will be a mindset for organisations. After all, it’s always better to be even one step ahead than a step behind.
Neil Phelan is chief executive of HCS.