By: Edwin Weijdema, Global Technologist, Product Strategy at Veeam
Being able to retain customer trust has never been more important – or more difficult – following the events of 2020. With so much disarray and widespread changes to working patterns, such as the mass migration to remote working, the job of keeping businesses secure has never been more difficult.
Between more sophisticated cybercriminals and immense pressure to ensure governance on compliance, 2021 is already shaping up to be a minefield. And as such, cybersecurity has risen to the top of most organizations’ agendas.
So, as we have just entered what promises to a complicated year, here are three cybersecurity resolutions every business should consider in the New Year.
Businesses haven’t been the only ones accelerating their digital transformation this year – cybercriminals have been hard at it too.
There has been a sharp rise in ‘Dark Clouds’ as cybercriminals have migrated to the cloud, often for the same reasons businesses have – cloud allows them to avoid big up-front capital expenses, pay monthly for their shady businesses and scale up only when they need to. Coupled with the ability to access information from anywhere, it’s no wonder we’re seeing cybercriminals innovate.
This ranges from cloud-based caches filled with stolen user data such as email addresses and authentication credentials to personal identifiable information (PII) such as scans of passports, driver’s licenses, and bank invoices.
Data exfiltration has become so valuable it’s now the backbone of all cyberattacks. And it may only take one breach to ruin your reputation and relationship with your customers.
That’s why not having an effective cybersecurity program in place puts your business continuity at risk. Because, come 2021, you’re either going to be one of those proactive organizations aggressively looking to strengthen your systems ahead of time, or the other type of business not doing that – and becoming more vulnerable with every passing day.
Between collaborating cybercriminals, the upwards trajectory of data growth and the distributed workforce, the risk factor for every business is accelerating.
This is one reason why we expect to see most businesses increase their general IT spending by around 5-10% in the New Year, despite the economic impact of the pandemic. And we expect most of that allocation to go towards IT security.
But even with these investments, it won’t be enough to cover all the potential threat vectors. So, businesses will still be forced to place strategic bets across their people, processes and technology in the hope of covering their weakest points.
For example, will you invest in the education of employees (after all, people are always going to be the biggest weakness), or put that money into optimizing and securing processes by investing in a Security Operations Center (SOC)? Or, will new technology be the most effective investment?
It’s impossible for every business to get this mix perfectly right, so business leaders need to also strategize how best to avoid cyberattacks. Too often, businesses expect their security team to handle this. But most of the time, this leads to an over-reliance on IT professionals who are already stretched thin by constantly putting out fires. They don’t also have the time to develop this strategy.
That’s why making sure every member of the company plays in the cybersecurity challenge is key. For example, while employees may be a business’ biggest weakness, they also form the ‘human firewall’ and need to be equipped to do just that – which takes education.
But don’t let the collaboration end there – your entire ecosystem of peer-like organizations, experts, suppliers, vendors and even the government should be aligned and geared towards combating this threat.
Cybercriminals are already working together on a large scale, sharing information about critical vulnerabilities, breached systems and targets extremely fast. So, don’t fight alone; work with contacts in your local law enforcement agency – for example NESA, The National Electronic Security Authority in the UAE, to figure out how to best utilize risk management models and resiliency plans.
By ensuring you follow government regulations, the increased alignment and information sharing between the government and private organizations will help speed up the identification of threats and lead to faster resolutions.
Technology is always going to be the heart of your cybersecurity fight, but no one product is going to maximize your cybersecurity state – you need to invest in your desired outcome. To do that, organizations need to look for software-defined models integrated with external services – a hybrid security approach.
This includes cloud-based software such as PenTesting-as-a-Service (PtaaS), Scanning-as-a-Service (ScaaS), Network Defense-as-a-Service (NDaaS), Disaster Recovery-as-a-Service (DRaaS) and Backup-as-a-Service (BaaS).
A hybrid security approach which has your internal security teams connected to external cybersecurity experts and law enforcement will keep you the most secure, while also helping raise the experience level of your security teams.
Conversely, backup should play a bigger role within organizations. It not only gives organizations the ability to restore and forensically analyze data in the event of a breach, but in a world that’s becoming more critically reliant on ballooning data stores to improve customer experience, backup can help better utilize it.
We’re already seeing some organizations combine application owners, backup, analytics and security teams in a new (virtual) data management team. This way, they can tackle the challenges around exposed data, service level expectation and risk growth in the most beneficial and economical way.
Ultimately, for businesses to really keep up with their growing data and continue to derive useful insights from it, they will need to invest in tools powered by Machine Learning (ML) and Artificial Intelligence (AI) to speed up data extraction and analysis processes.
As these technologies are also significant weapons in cybersecurity as well aiding in data-driven decision-making, their adoption is expected to grow at a rapid pace and will add tremendous intelligence and power to the fight.
At its crux, the takeaway here is that in getting prepared for the cyberthreats of 2021, you will also be putting your business ahead of competitors and boost your productivity.
So, don’t just choose a supplier or buy a new product – build an ecosystem that will stand by your side when the cybersecurity battle starts to heat up.