Maninder Singh at HCL Technologies talks to teiss about how the way organisations approach cyber security maturity is changing
With a rapidly changing threat landscape, how can enterprises remain cyber mature?
Operations across companies large or small have been going digital, driven by the need for efficiency as well as rising customer expectations. The pace of adoption has varied depending on the company’s readiness for change, agility, and size among other factors.
As digitisation and remote work accelerate, the lines between employees, customers, contractors, and partners are blurring, meaning many traditional network perimeters and boundaries are obscured.
Users, workloads, data, networks, and devices are everywhere. “Zero trust” has emerged as a concept for enforcing “least privilege” for modern enterprises contending with the global nature of these domains.
Emerging technologies such as cloud, data analytics, and robotic process automation have been cited as top cyber-security investment priorities. With a rise in emerging technologies, the investment of organisations towards their IT infrastructure must also increase.
Even as this is happening, hackers are also honing their skills as more and more businesses go digital and widen the pool of potential targets. Assets ranging from new product designs to distribution networks and customer data are now at risk. Digital value chains are also growing more complex, with digital connections tying together thousands of people, applications, servers, and other devices.
One common pitfall we see is corporate cyber security struggling to keep up with this blistering pace of change. One common mistake is delegating problems to IT, treating the problems as compliance issues and throwing resources at them without properly understanding the root cause. As a result, the company may be no less vulnerable than before.
Are there other key trends that are hindering cyber maturity?
Challenges in cyber-security are as dynamic as the industry itself. There’s no denying the past few years have been tumultuous. For the field of cyber-security, new technologies tend to present unique challenges that must be addressed on a continuous basis.
Protecting valuable information and assets with proper training and a robust cyber security strategy will help companies stay ahead of the competition and maintain business continuity. There are a few issues though that will continue to impact the cyber security industry in 2021. These are:
- Adapting to a remote workforce. As we emerge from the pandemic, many companies are deciding to adopt a hybrid work model as they reopen their offices. Due to this distributed work environment, cyber security risks continue to increase in number and scale.
- Human vector attacks. Though people are becoming digitally literate, there is no end to attacks that target human complacence, e.g. phishing continues to be a major threat for all industries.
- IoT attacks. The US Internet of Things Cybersecurity Improvement Act of 2020 creates security standards for IoT devices and encompasses other IT issues. However, as more data is transferred between devices, gaps may exist to leave room for cyber criminals to exploit information. Companies need to stay ahead of this curve by implementing a stable cyber security structure.
- Blockchain and cryptocurrency attacks. The world of blockchain and cryptocurrency is growing rapidly and attracting more interest than ever. As crypto transactions are digital, it’s only natural there are cyber security measures to protect against instances of identity theft and security breaches. Companies must therefore look at seriously investing in their IT infrastructure to protect themselves.
- Emerging 5G applications. 5G will undoubtedly usher in many benefits for its users such as increased speed and responsiveness. However, new technology comes with new risks and cyber security professionals need to be wary of potential threats against these evolved networks.
How can tech leaders ensure they remain cyber mature in the future?
Although organisations are continuously investing in cyber-security tools, it does not automatically mean that all potential security gaps are addressed. With rising costs of security tools and shrinking budgets, organisations must adopt a risk-based approach and prioritise security investments to address critical issues and vulnerabilities.
Cyber criminals are leveraging advanced technologies such as Artificial Intelligence (AI) and Machine Learning (ML) to attack an organisation’s endpoints, making endpoint protection a must-have cyber security priority.
Leveraging advanced technologies like AI and ML to automate cyber security tasks such as identifying potential threats, detecting unauthorised access and preventing attacks before execution, will allow security teams to focus their efforts on high-risk threats rather than on repetitive, tedious tasks.
Essentially, organisations must adopt a cyber security maturity model to measure their security programme’s maturity and chart out how they will elevate their practices to the next level. As discussed earlier, the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) and the Cybersecurity Capability Maturity Model are two of the models available.
Technology alone cannot bolster an organisation’s cyber security posture. Cyber security training and awareness among all employees and partners is essential since it’s the de facto ‘last line of defence’ for nearly every major threat.
And as these threats evolve with time, organisations need to remain vigilant and regularly conduct training and awareness programs that empower their employees to become their greatest security strength.
Maninder Singh is CVP and Global Head of Cybersecurity & GRC Services at HCL Technologies. This is the second in a series of two articles by Maninder Singh. The first article is available here.