Nowadays, all organizations are digital by default. Not every organization delivers its products and services primarily through digital channels, but all operate with the cultures, technology and processes of the internet era. Moreover, in the connected and convergent world delivered by the Internet of Things (IoT), the digital landscape is vast, with every asset owned or used by the organization representing another node in the network.
No wonder the prime focus of Nullcon 2018 was the rise of the next generation of information security, mainly fuelled by the increasing attack vectors, zero-day vulnerabilities and unknown threats that surround the digital world we live in. Global studies indicate that the scale of the threat is expanding drastically: by 2021, the global cost of cybersecurity breaches is expected to reach US$6 trillion by some estimates, double the total for 2015.
If your organization is feeling anxious about cybersecurity, it may be some comfort to know that you are not alone: most organizations feel they are more at risk today than 12 months ago. Today, cyber attackers can be either indiscriminate or highly targeted, attacking large and small organizations in both the public and private sector. They are well camouflaged: exposing the attackers requires cybersecurity defences that identify the threat, even when it adopts the colors of its immediate environment.
However, organizations that confront the cybersecurity challenge will regain a sense of order. It is also critical to have a good understanding of the most common attack methods and an appreciation of the ingredients of good cybersecurity hygiene, with which most such attacks can be defeated. This can be achieved if organizations start identifying and recognising the talent within the internal teams. Giving internal employees a chance to explore the organization’s infrastructure and applications to look for security vulnerabilities could result in more productivity, as they know more about underlying infrastructure and applications. Working together can help in regaining cybersecurity.
For the next few years, patching known vulnerabilities and removing web server vulnerabilities could be the most impactful actions for boosting your cybersecurity. Bug-bounty programs could also play an important role in improving the organization’s Security Operations Center (SOC), which sits at the heart of its cyber threat detection capability and serves as a centralized, structured and coordinating hub for all cybersecurity activities. By working closely with threat intelligence providers and developing in-house analyst capability, organizations can build a much clearer picture of the threat landscape, including the identities of C-level executives.
Point solutions remain a key element of cybersecurity resilience, with tools including antivirus software, intrusion detection and prevention systems (IDS and IPS), consistent patch management and encryption technologies that protect the integrity of the data even if an attacker does gain access to it.
While the maturity of an organization’s cybersecurity approach will determine its effectiveness, putting cybersecurity at the heart of its strategy will help maintain and even enhance the trust of its consumers and stakeholders alike.
For a start, the C-suite can no longer assume that cybersecurity is solely the responsibility of the information security (IS) or information technology (IT) departments. Instead, organizations must make cybersecurity a core part of business strategy and culture. In doing so, they can enable the entire organization to understand the risks they face, embrace the innovation needed to counter those risks, and have the resilience to regroup and restore operations smoothly and efficiently in the wake of a cyber breach.