According to a Gartner® press release, “spending on security services – consulting, IT outsourcing, implementation and hardware support – is forecast to total $90 billion in 2024, an increase of 11% from 2023.” However, with a cyberattack every 44 seconds and a breach costing about $5 million to fix, things still look grim.
The old barrack-like cybersecurity model cannot defend against this barrage of attacks. While leaders acknowledge the importance of cybersecurity to business continuity, reputation, and trust, they expect it to be absolute. This viewpoint assumes the enterprise is a finite entity where security can be enforced top-down and at the edge. Given the ubiquity of a shared cloud environment, hybrid working culture, mobile workforce, and an expanding network, pumping in money and expecting 100% cybersecurity is akin to the Pentagon aphorism of “providing all assistance short of actual help”.
Since the goalposts shift with evolving threats, there is no end state for cyber-readiness, and 100% security is not possible. However, most incidents can be traced back to a smaller set of avoidable vulnerabilities or known unknowns. Also important is cyber-resilience, which allows businesses to operate in a degraded environment where access to networks and data is uncertain.
To drive cyber-readiness and resilience, enterprises need to strategically reevaluate their approach to cybersecurity with an eye on the evolving threat landscape. Here’s what needs to change:
- Secure Access, Not Access Points: With trends such as Bring Your Own Device, remote work, and cloud-hosted data centers and SaaS applications, connectivity requirements can no longer be served by an enterprise-controlled network. The edge is unmanageable, which calls for embedding security protocols across each layer of the network, including devices, applications, and users. Zero Trust Network Architecture assumes a breach has already happened and treats all entities as suspects, requiring identity and intent verification for each access request. It ensures the right users get access to the right applications and data at the right time and enables enterprises to provide secured connectivity to applications and data across devices, locations, users, or networks.
- Prioritize Risk-Based Vulnerability Management: With increasing attack vectors, it is critical to identify zero-tolerance areas that require urgent attention to contain the attack and those that can be isolated with minimal disruption. Business risk prioritization contributes to appropriate monitoring and incident response mechanisms. This brings visibility and oversight to areas with regulatory implications. Most regulatory fines are not about why a breach happened but whether the enterprise did everything under its control to pre-empt it. Ensuring critical areas are always on the radar helps cover the ground, allowing niche resources to focus on what matters the most.
- Rely on Strategic Partners: While they monitor and track metrics internally to make strategic calls on cybersecurity, enterprises must also be aware of vulnerabilities outside their remit that can have a domino effect. With interconnected and global ecosystems, external vulnerabilities can be equally damning. Enterprises must collaborate with systems of intelligence, strategic partners, and industry consortia to collate threat data and analyze it to inform their cybersecurity practices. To keep the lights on, business continuity plans must consider the connected nature of operations, fail-safe measures, and disaster recovery.
- Go on the Offensive: The growing Generative AI (GenAI) clout will only further the loss of enterprise agency and potentially open loopholes for bad actors to exploit. A World Economic Forum report states that GenAI will take two years to give defenders an advantage over attackers. AI increasingly leads social engineering attacks with the prevalence of deep fakes, sophisticated phishing attempts, and digital arrests. Creating AI mechanisms to combat them and creating the required intelligence to deter AI-led malicious activity at source can help enterprises go on the offensive. This can be too niche for a single enterprise, making a collaborative approach led by industry consortia ideal.
- Improve Visibility by Automating and Orchestrating: Two-thirds of cyber incidents can be traced back to human error – where an employee falls prey to bad actors or does something intentionally that proves damaging. The way to address this is to eliminate human touchpoints and embed automation, AI, and machine learning mechanisms to take over and orchestrate low-level tasks encoded with security policies. A pivot to zero trust architecture along with a DevSecOps framework for automation also helps contain human-led errors with better enforcement of role-based access policies.
Defend Forward
Traditional approaches to cybersecurity are reactive. In today’s high-stakes environment, it is crucial for enterprises to proactively detect threats, search for vulnerabilities, establish systems to take corrective actions, and prevent malicious actors from making an impact. Cybersecurity must adopt military-style threat intelligence collection and preparedness that keeps enterprises ahead of bad actors. Partnering with service providers specializing in cutting-edge cyber defense strategies can be a start, while instilling a security-first mindset through personnel training and automation-first tooling is more essential than ever.