2020 was an unhinged year for businesses on many levels, particularly in the cyber department. CrowdStrike observed an increase in eCrime activity up over 330 per cent in the first half of 2020 alone, compared to all of 2019.
The onslaught of criminal activity has been exacerbated in particular by remote working, increasing attack surfaces and risk of human error on personal devices. This has proven a golden moment in time for perpetrators who continue to target businesses which have outdated security, preying on the weak for the opportunistic likes of acquiring confidential data or financial return from ransomware operations, the most prevalent e-crime method this year.
The stakes have never been higher and businesses have been forced to aggressively digitise their processes and security to survive in this new working Digital Darwinism era or be in jeopardy of extinction.
Giving cyber a permanent home on the agenda
As COVID-19 took the world by storm, many business leaders quickly became aware of the inadequacies in the castle-and-moat approach to security. This method of holding up perimeter defences with traditional tactics like firewalls was inadequate against malicious attacks as remote working took flight and office walls became blurred.
Indeed, endpoint is the new security border and that border continues to expand across businesses as the devices that employees use to access corporate networks multiply. Endpoint protection is critical regardless of where the network is being used. Cyber risk should be considered as a pillar of every business strategy, rather than solely an issue management, often leaving it too late to recover data and processes.
In today’s world, every CEO must play their part in ensuring that their distributed cloud environment is compliant with relevant industry regulation and security requirements and prepared for any potential scenario.
Cyber investment ranks number one
The work-from-anywhere landscape coupled with the rapid increase of breaches has brought cyber to the forefront of business priorities, with over half (56 per cent) of Australian business leaders seeing cybersecurity as a top priority for investment in the post pandemic recovery.
Many security leaders believe that experiencing a breach now, while their business is in recovery mode from the impact of COVID-19, would be far more catastrophic to their business versus last year, prompting a shifted focus on long-term planning and digitisation in this area.
Cloud-native leads survival of the fittest
Adopting cloud-native platforms is the smart and sole way businesses can secure workloads from endpoints across various locations and support a hybrid workforce. Indeed, there has been a rapid shift to cloud technologies from legacy platforms that have been rendered obsolete in combating today’s hungry and sophisticated cyber criminals.
Cloud-based infrastructure is no longer a choice but a necessity. It significantly reduces the number of agents required and preserves all data in the cloud, empowering businesses with greater scalability and speed to implement security solutions seamlessly for maximum effectiveness.
Innovating into the future
Business leaders must look ahead to establish a new normal into the future or run the risk of facing no future at all. It is now negligent and archaic to model technology from the normal of the past as, in reality, a new working normal is here to stay.
This begins by adopting cloud-native solutions, having tested incident response plans at the ready and partnering with managed security providers or investing in technology hires to fill the talent gap as needed. The security posture of the future is grounded around the uptake in digital transformation and the speed of deployment in the face of threats.
There are a number of steps businesses can take now to protect and safeguard against future threats:
1. Adopt a security-first mentality: Security should not be treated as an afterthought or a ‘nice-to-have’. It must be at the heart of every digital transformation effort and integrated in the initial stages of development processes so that applications and cloud workloads can be managed effortlessly. As businesses grow, so too do their security needs which is why leaders must adopt a security-first mindset with an eye to mitigating (or ideally preventing) future risks and vulnerabilities.
2. Arm IT teams with the tools to safeguard work-from-anywhere environments: An investment in endpoint detection and response (EDR) for instance, will equip IT teams to respond to security threats with speed and agility no matter where they occur, minimising costs to the business in the long term. CrowdStrike challenges organisations to pursue the 1-10-60 rule whereby it takes one minute to detect an intrusion, 10 minutes to investigate, and 60 minutes to contain and remediate an issue.
3. Check your cyber hygiene: Regardless of size, businesses must carry out regular scanning and emergency patching of any vulnerabilities that are identified. Here, it is important to test incident response plans too. Similar to home insurance, many business leaders fail to check whether their security measures and ‘insurance’ policies are appropriate and up to date until there is an unwanted intruder.
4. Outsource to the experts: Cybersecurity is not always easy to understand. As the evolving threat landscape presents its own challenges, many businesses are choosing to partner with dedicated security professionals and external solutions providers to provide peace of mind and fill skills gaps in their own organisations.
As we advance towards a post pandemic world, digital transformation opportunities must be embraced to thrive in the new normal. Now more than ever, collaboration between businesses and cloud service providers is pertinent in keeping operations alive and well for flexible working.