Cybersecurity trends in a rethought world

Many organisations have decided to adopt new ways of doing business, including the remote and contactless working and delivery of services. In addition to these new ways, the world is also rapidly adopting newer technologies and products, including the Internet of Things (IoT), Artificial intelligence (AI), 5G, Robotics, Cloud Services, Blockchain etc. "By some estimates, the current Internet of Things, a precursor to a hyperconnected future, will reach 64 billion objects by 2025, up from 10 billion in 2018—all monitored in real-time. Looking forward, a hyperconnected world could support up to 1 million devices per square kilometer with next-generation cell phone systems (5G), compared with the 60,000 devices currently possible with current cell networks, with even faster networks on the horizon". Source: dni.gov

The influx of such a huge number of devices changes the dynamics and size of the cyberattack landscape and creates more potential entry points for malicious actors. Compared to laptops and smartphones, most IoT devices have less processing and storage capabilities. This can make it difficult to protect them with firewalls, antivirus, and other security applications to safeguard them. These advancements have increased the organisation's technological footprint and the cyberattack landscape, with the possibility of threat events (malicious and accidental) occurring more frequently.

With the introduction and adoption of cloud services, the physical permitter has been erased; now anyone can reach cloud from any part of the world. Although cloud services offer a range of benefits – scalability, efficiency, and cost savings, however, they are also a prime target for cyber attackers. We have seen in the recent past that misconfigured / unsecured cloud settings are a significant cause of data breaches and unauthorised access, insecure interfaces, and account hijacking.

Securing these vast attack surfaces mentioned above is a herculean task for the businesses, making it more and more pertinent to hire relevant cyber experts/teams and implement tailored automated cybersecurity solutions to conduct the business in a safe and secure environment.

Increased digitalisation (some reports estimates that, digital transformation was advanced by up to seven years in 2020) and use of emerging technology solutions has made many organisations efficient and sustainable. However, it has also opened the door for complex cybersecurity challenges to be tackled by experts. This, combined with the usage of technologies ranging from outdated/unsupported systems to emerging technologies under a single roof, creates a unique problem for each organisation.

As we have seen, no two networks are the same so, a universal solution to Cybersecurity for all organisations is a myth. In practice there is no "one-size-fits-all" solution to Cybersecurity. It is a challenge that requires constant tweaking and changes to meet evolving cyber threats and attack vectors. Having said that, Cybersecurity has some of the universal concepts to be adopted, such as:

• Defence in depth is a concept used in Cybersecurity in which multiple layers of security controls (defence) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails, or a vulnerability is exploited that can cover aspects of personnel, procedural, technical, and physical security for the duration of the system's life cycle.
• The principle of Least Privilege requires policy and technical controls only to assign users, systems, and processes access to resources (networks, systems, and files) that are necessary to perform their assigned function.

Zero Trust Security Model (also, zero trust architecture, zero trust network architecture, ZTA, ZTNA), sometimes known as perimeter-less security, describes an approach to the designing and implementing IT systems. The central concept behind zero trust is that devices should not be trusted by default, even if they are connected to a managed corporate network such as the corporate LAN and even if they were previously verified.

As the cyber-attacks trends to grow on a massive scale, it becomes practically impossible for humans to handle these attacks alone. According to Security Magazine, there are over 2,200 attacks each day; apart from these, there are a huge number of attempts that are targeted towards various organisations by cybercriminals to gain access. Further, A research study conducted by Deep Instinct reports on the hundreds of millions of attempted cyberattacks that occurred every day throughout 2020 show that malware increased by 358% overall and ransomware increased by 435% compared with 2019. As a result, businesses are increasingly moving towards AI and machine learning solutions to enhance their security infrastructure. There are cost savings to doing so: organisations that suffered a data breach but had AI technology fully deployed saved an average of $3.58 million in 2020 - Kaspersky.

As the market continues to evolve and churn out AI and machine learning enabled security systems, it's been beneficial to both large and smaller organisations. For large organisations, it can digest and analyse large volumes of events and risk data to eliminate false positives and come up with real incidents affecting business; and for small organisations it can take up the task of analysing cybersecurity events and help them to continue securing the organisation with under-resourced teams.

It should be noted that practical application of AI and machine learning to Cybersecurity are still developing and acts as a double-edged sword, it can be utilised by Cybercriminals too to come up with sophisticated large volumes of automated attacks.

As people become more and more cyber-aware, the focus has also increased on cybersecurity incidents and data breaches globally. In general, it has led to increased scrutiny by shareholders, regulators, and the public on the Cybersecurity ecosystem for the businesses. To deal with this increased scrutiny, organisations have formed focused groups and committees to govern and monitor cybersecurity activities, often led by one of the board members with a Cybersecurity background and supported by external advisors. Further, Cybersecurity matters have also made their way on board's plan, making it essential for the board to be more and more cyber aware.

We have seen many governments and Cybersecurity bodies come up with guidance and toolkits such as "Introduction to cyber security for Board members" – NCSC UK which is created to encourage essential discussions about Cybersecurity to take place between the Board and their technical experts.

With the guidance and support to boards and committee, the 'organisation's CISO and Cybersecurity management can count on harder questions with increased scrutiny and expectations and increase in support and resources.

With the rapid changes forced on the businesses due to COVID-19, the remote working environment was introduced without much preparedness to facilitate business continuity. It led to increased use of personal devices and various approved and unapproved applications to support teams when working from home. This influx of newer technologies and products has put to the test the organisation's existing cybersecurity procedures and has exposed shortcomings and weaknesses that many organisations need to address to protect themselves from ever-changing threats and attacks.

Surveys have suggested that post pandemic, many organisations will continue having remote working concept for their staff, and in some cases, may permanently implement remote working for specific teams which doesn't require physical presence. Therefore, organisations will need to adopt a long-term 'Remote Access Security' strategy and fix current security weakness (in some cases total reboot of policies and technology solutions) in their environment that were left unattended during the sudden shift to remote working due to pandemic.

Some of the ways to protect the organisations and individuals can be found in this article "Protect your organisation from cyber-attack when working from home (COVID-19)" which talks about the ways cybercriminals are using to attack such as Phishing Emails, Social Messaging Apps, Mobile Applications, Fake Websites etc. and how to get protected against the same.

In today's technology-connected world, regardless of an organisation's size, industry, or the products/ services it provides, the probability of being exposed to cyberattacks has significantly increased. To be protected from these cyber risks, it is imperative that all organisations have a cyber incident response plan in place with experienced team (internal/outsourced) to detect, respond and recover from cyberattacks swiftly.

A cyberattack happens every 39 seconds, and the average cost of a cyberattack is $3.86M. as we look at these stats, it becomes necessary for an organisation to have a robust, proactive mechanism in place to deal with cyberattacks/incidents.

The new normal of a hybrid workforce, agile technologies, and changing organisational functions requires a resilient cybersecurity capability that can keep up with the continuously evolving threat landscape. A resilient capability addresses Cybersecurity proactively through a series of controls of people, processes, and technology, layered to mitigate threats and protect valuable information and systems.

As a proactive step, organisations are implementing a cyber incident response plan to address a data breach in a systematic and phased manner. Also, organisations are realising that a Cyber incident response plan is not worth much if it's only on paper, it must be put to the test. Therefore, organisations are conducting security drills and identifying weak spots will go a long way in validating 'organisation's readiness for detecting, analysing, containing, eradicating, and recovering from a real cyber incident.

According to the 2020 Cybersecurity Workforce (https://www.isc2.org/), the industry needs about 3 million qualified cybersecurity workers, and 64% of the cybersecurity professionals surveyed say their organisation is impacted by this cybersecurity skills shortage. This coupled with the growth rate of Cybersecurity industry, which is expected to grow 31% between 2019 and 2029, compared against 4% growth rate across most of the other industries, poses a huge challenge.

As more and more organisations are increasingly relying on technology, Cybersecurity acquires more and more importance in these organisations and its management. Further, it is not sufficient for the cybersecurity staff/teams to just be experts in technical areas, rather it's expected that they excel in soft skills such as being an efficient communicator and be business enablers by speaking the business language and imbibing the 'organisation's culture.