Avoiding Collapse in a Tech-Stacked World: How Staying Still Can Create Fragile Defences
Published 08/19/2024
Written by Vaibhav Dutta, Associate Vice President and Global Head-Cybersecurity Products & Practice, Tata Communications.
Originally published on Frontier Enterprise.
Ransomware activity alone was up 50% year-on-year during the first half of 2023. We have been seeing a relentless rise in the number and sophistication of cyber threats, with ransomware incidents reporting a 13% increase while phishing incidents more than doubled in 2022. Yet, a recent survey has also found that 60 per cent of organisations reported a lack of knowledge or experience to implement effective cyber security measures.
This highlights a critical disconnect between the evolving cyber threat landscape and the preparedness of organisations. Amid such dismal statistics, are organisations ready to accept a future where cyberbreaches are an accepted norm in their daily operations?
The potential impact of a cyberattack has also become exponentially severe, spilling over from digital realm into physical. Just November last year, Singapore suffered a cyberattack-induced outage that severely impacted public hospitals and polyclinics. This serves as a reminder the significant repercussions on patient care, administrative tasks, and overall operations that such disruptions can cause.
With more critical infrastructure now housed in the digital realm, cyberattacks have the potential to seriously impede the lives of everyday people. For instance, if bad actors were to successfully attack a nation’s energy grid or public transport, the effects could be devastating to its population.
Get your cyber resilience shots in quick
In an era defined by pervasive digital connectivity and ever-evolving threats, not building cyber resilience is akin to not getting your vaccination shots for modern-day enterprises.
Many Chief Information Security Officers (CISOs) are shifting their focus toward more evasive and evolving attacks, such as ransomware and advanced persistent threats. These complex threats often go undetected by traditional cybersecurity tools, and even when detected, it is often too late as damage is already done.
Taking heed on a national level
Due to the crippling effects a cyberattack can have on a nation, governments and regulatory bodies are also working to develop guidelines and standards which encourage organisations to embrace cyber resilience.
For instance, the recently proposed amendment to Singapore’s Cybersecurity Act is a significant step towards increasing the coverage of cybersecurity laws in the country. By including cloud data centre operators in the regulatory framework, the government is acknowledging the growing importance of securing data in the digital age.
The amendment also emphasises the need for robust cybersecurity measures, as a majority of organisations in Singapore have experienced cyber incidents. By bringing cloud data centre operators under the regulatory umbrella, Singapore aims to enhance cybersecurity and protect against potential threats in its evolving digital landscape.
Taking a look to the West, the US’s NIST Cybersecurity framework 2.0 presents six core functions – designed to organise cybersecurity outcomes at their highest level:
- Govern: Establish, communicate, and monitor cybersecurity strategy, expectations, and policy, including assessment and continuous oversight.
- Identify: Understand and document cybersecurity risks, processes, assets, software, data, threats, and weaknesses for protection.
- Protect: Manage cybersecurity risks with safeguards: control user access, provide training, use endpoint security, and encrypt data.
- Detect: Detect, analyse, and respond to cybersecurity threats promptly, involving staff and tools for effective mitigation.
- Respond: Take swift action following a cybersecurity incident. Execute response plan, analyse, determine root cause, prioritize, contain, eradicate, and collect data for future planning.
- Recover: Restore affected assets and operations, assign recovery responsibilities, verify systems, communicate with stakeholders, and document lessons learned.
In an era dominated by the incessant rise of cybersecurity solutions and the fervent discourse surrounding existing frameworks, organisations often resort to deploying a multitude of cybersecurity tools, with the average number reaching 100 globally.
Take a step back, simplify things
This abundance of tools can exacerbate the complexity of security infrastructure, making it increasingly challenging to effectively resolve security issues.
Amidst this tech-driven landscape, it’s time to embrace a perspective that looks beyond the allure of stacking additional tech solutions. Rather than perpetuating the cycle of technological proliferation, the essence of a truly holistic cybersecurity strategy lies in simplifying technology itself.
By simplifying operational complexity and ensuring robust security measures are in place, businesses can safeguard their data and customer interactions with trust. Organisations should look to partnering with experts who can help navigate the intricacies of cybersecurity risk management.
As with all digital transformation projects, it’ll take time to begin to put the various policy and technological conditions in place to start building up your organisation’s cyber resilience, and building a cyber resilience culture from within.
However, it’s crucial you get a move on today – start having conversations with your IT team and look to partners with experience in fostering cyber resilience within organisations.
Related Resources
Related Articles:
The Evolution of DevSecOps with AI
Published: 11/22/2024
How Cloud-Native Architectures Reshape Security: SOC2 and Secrets Management
Published: 11/22/2024
It’s Time to Split the CISO Role if We Are to Save It
Published: 11/22/2024
CSA Community Spotlight: Nerding Out About Security with CISO Alexander Getsin
Published: 11/21/2024