Maninder Singh at HCL Technologies describes how a renewed focus on cyber-security is needed to protect corporate secrets and warns that this will require vision and dedication across the organisation.
The cyber-security landscape has been in a continual state of evolution for the past two decades. But with each technological advancement, the nature of the threats has become increasingly complex and sophisticated.
Given this reality, the question continuing to nag the mind of every business leader is the same: how can we better prepare our organisations to be more resilient in the face of these known and unknown threats?
The current threat landscape
The most recent, and perhaps greatest, disruption to face businesses globally in this millennium is the COVID-19 pandemic. The State of Cybersecurity 2021 Part 2 survey report, from ISACA in collaboration with HCL Technologies, shows that almost 36% of respondents report that their organisations have increased their spending on new security measures during this time.
The pandemic has given birth to an explosion of remote working, distributed networking, remote operations of businesses and manufacturing and work-from-home initiatives. These new working models have come to redefine not only how businesses work, but how securely they can work. In response, multiple industries have had to restructure their IT security in order to adapt and survive.
However, this is far easier said than done given the size of risks, compliance challenges, and threat vectors that exist – not only for the current era but for the future.
Attacks growing in purpose
Despite best efforts, this last year has been fraught with security incidents. We’ve witnessed targeted attacks against large global software companies, energy and utility firms, and defence establishments, with an ever-increasing count. It’s no wonder then that our research shows over a third of businesses have seen an increase in cyber-attacks compared to a year ago.
In line with the rising prevalence of constant connectivity, AI, and quantum computing, next-generation threats are evolving, which require new and systemic security mitigations and interventions. A core part of this will be understanding that the next generation of threat vectors won’t just be about malware files or insecure passwords. They will involve far more sophisticated attacks that target common blind spots for users and enterprises.
In fact, the three leading threat actors most businesses are facing are cyber-criminals (23%), hackers (17%) and malicious insiders (10%). Each of these can leverage an entirely different mix of attack vectors to infiltrate organisational security, the most common of which are social engineering (14%), advanced persistent threats (10%), ransomware (9%), and unpatched systems (9%).
The only way to get ahead of this threat curve is to reimagine how enterprise security works and to adopt a holistic, integrated security solution that can overcome these attack methods, and make every employee and user responsible for the digital security of the company.
Integrated security for a resilient future
For a secure future, businesses must adopt new technologies and industry best practices that are designed to not only help organisations survive, but to thrive in the face of unknown dangers. This means developing a resilient, dynamic, and integrated security framework that aligns with operational and business goals, rather than treating security as a commodity.
The effectiveness of such a transformation is rooted just as much within enterprise structures, as it is within the technology. For instance, we know that the strategic alignment between cyber-security strategy and organisational objectives is higher (77%) when the security teams report directly to a CISO.
Specialised enterprise challenges such as access management, OT security, and ensuring a water-tight application and data security framework should also be considered. With a dedicated, integrated approach, security leaders can help businesses adopt the right Identity and Access Management solutions that secure and empower business goals such as customer growth and ease of access. Here, security engineers can adopt holistic and best-of-breed IAM solutions that work across every dimension, from architecting to operational services, to deal with threats from within and outside the organisation.
Similarly, industrial businesses facing an explosive rise in digital touchpoints must trust that their security teams can solve the unique challenges raised. Given the complex nature of IoT and Industrial Control Systems, especially when combined with remote access, the challenge lies in ensuring operational security without hampering productivity.
These leaders also face the uphill task of modernising legacy systems, making everything interconnected. And while these older systems may appear more secure, businesses risk becoming outdated or losing their competitive edge if they fail to transform.
And perhaps most importantly, security leaders need to develop new thinking around data governance if they wish to genuinely deliver on the promise of application and data security. This requires security leaders to develop centralised orchestration between various enterprise stakeholders, to assure secure data ownership.
Furthermore, this also allows enterprises to carefully monitor and ensure a well-rounded risk and compliance programme, by leveraging solutions built on analytics, automation, and other new technologies.
A future mindset
Ultimately, the answer is simple – developing a resilient and digitally secure enterprise of the future requires a clear vision from the top to the bottom of an organisation. This is why it’s crucial that a business’ board of directors makes cyber-security a priority, if they want to build a resilient organisation.
This acknowledgment of cyber-security’s importance in today’s world, and for the future, requires singular focus and dedication. This is also at the top of the global political leadership agenda, as highlighted by the discussions at the US-Russia summit meeting between President Joe Biden and President Putin in Geneva.
The threats of the future will easily impact all organisations with equal devastation, if left unaddressed. Security leaders must look forward by collaborating with the wider community of security and technology specialists to devise the right solutions.
If done correctly, security leaders can not only bring comfort to business but also open new possibilities for innovation while on their digital transformation journey.
Maninder Singh is Corporate Vice President, Cyber Security & GRC at HCL Technologies