Cyber Security – an Attacker view post pandemic
We have entered an era of digital disruption, where commerce and industries are moving from traditional ways of working towards adopting more agile and flexible frameworks to stay competitive and relevant. This rapid adoption of technology further fueled by pandemic has led to an increase in digital footprint and resulted in a surge of the organisation’s attacker-exposed assets (IT, OT-IoT).
The major challenge lies in the lack of visibility, control, and skilled resources to secure a growing asset landscape. With critical and personal data being utilised at multiple levels, evolving regulatory, compliance and business requirements add further to the complexities which are being exploited by attackers who are well ahead of the curve. They are equipped with the right tools, tactics and even sponsorships to compromise an environment that was traditionally considered secure. In fact, 68% of organisations experienced a cyber-attack that began from an unknown, unmanaged or poorly managed company asset.
So, are we aligning our Cyber Security approach to meet the evolving threat trends? Are teams cyber aware and thinking of adept ways to prevent cyber-attacks? Unfortunately, the answer is No.
Top Reasons Why Cyber awareness & efficient Cyber security program needs to be a priority for every organisation (post-pandemic)?
Cyber Security Awareness Month is more important than ever. Cyber-attacks are now occurring every 39 seconds. In fact, 64% of companies worldwide have experienced at least one form of cyber-attack, and perhaps more worrying is that 90% of all cyber-attacks are caused by human error. Such statistics highlight the ongoing threat that organisations face, and the need to ensure cyber security awareness and hygiene at all levels. Some of the key trends we observed were:
Situational awareness has become an integral aspect of enhanced Cyber posture.
While people are true strength for any organisation, unfortunately, they have become the weakest link in the case of cyber-attacks, which has been proven time and again. More than 75% of organisations around the world experienced some form of phishing attack in 2020, out of which 96% of these attacks were delivered through email.
Technology investment and sophisticated policies take a back seat if users are not cyber security aware. An effective Cyber posture can only be achieved through regular cyber security awareness trainings, phishing simulations customised for the business which will make cyber security more relatable. Also, to ensure security is enabled at all layers, the focus of protection should be changed from devices to identities.
So, we all need to DO our part: #BeCyberSmart.
You need to first review your existing environment to understand posture and then align cyber operations to it, ensuring, compliance at any given point in time. Defenders across the world are performing multifaceted cyber operations like ensuring compliance, keeping infra & applications updated, managing security controls, vulnerability assessment, monitoring events, cyber response, training etc. While practitioners attempt to win the asymmetric battle with cybercriminals, all the above tasks are done in silos with no Cyber fabric which can interweave the multiple operations and orchestrate the tasks as per the risk associated with it. In order to interweave this security fabric, we must follow Secure by Design enabling integrated cyber defence that allows various components to interact with each other with relevant information, which then can be utilised to enhance the security posture and provide required agility to respond.
Once you do the above, you can get a clear picture of what you need and make your organisation safer.
By now, you would have understood why cyber awareness and cyber security a priority is, you must have also read through some suggestions. But the hardest part is implementation. It requires a lot of time, resources, money, and whatnot.
About the Author
Sidharth Sood is the Global Business Head – Cyber Security Services at MothersonSumi INfotech & Designs Limited (MIND). He has an experience of more than a decade in accelerating and delivering secure digital transformation, encompassing managed security services, security business development and alliance management across various industry verticals for India and APJ markets.