A Multi-layered Security Approach

Business is everywhere, Security should be too.

Accelerated digital transformation, hybrid working, and technological advancement leave organisations increasingly prone to cyberattacks. Cybersecurity is a high priority for senior management. It demands that a multi-layered approach to security be adopted to mitigate risk and the consequences of a severe data breach. Without it organisations focused on change, transformation and growth can instead find their plans constrained and never realising their full potential.

Culture is also an extremely important factor to consider when discussing the prevention of increasingly sophisticated cyber attacks amidst the development of beneficial change. According to info security 2023, internal research conducted via Telstra Purple revealed that many organisations claimed their security culture was “highly proactive” (70%), “collaborative” (69%), “transparent” (68%) and “inclusive” (67%). Roughly 50% of senior security leaders surveyed had suffered a historic data breach. Of those who had not, it was clear that a ‘collaborative’ culture was key to deterring cyber attacks and debilitating data breaches.

Across industries, technology is being embraced to change the way companies work and operate: flexible work is expanding talent pools; analysis of IoT data is improving organisational efficiencies; cloud is providing a flexible and scalable IT infrastructure; AI is automating processes from the back office to customer care.

Technology is helping businesses realise their goals quicker, gain competitive advantage, improve customer experience, break down geographic constraints to growth and improve overall efficiency. All of this couldn’t have come sooner, given the geopolitical climate, macroeconomic headwinds, and the COVID hangover.

In an increasingly interconnected world, however, cyber threats are evolving faster than ever. It is little surprise, therefore, that according to ClubCISO’s Information Security Maturity Report 2022, 91% of CISOs said they had accelerated their cybersecurity tactics over the past twelve months. There is still much to be done. Such is the challenge and potential impact of a large-scale breach on an organisation that Gartner predicts by 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a board member to improve the visibility of cybersecurity risk.

The threat landscape continues to grow

The digital transformation era has dramatically changed how organisations operate and manage processes, systems, and data. While the business benefits are significant, it has also opened up and expanded the threat landscape. So much so that Gartner maintains that nearly 90% of enterprises now face some form of cyberattack every month.

Despite enterprises continuing their investment in cybersecurity, the threat landscape remains a massive issue with digital business transformation, hybrid workforces, and interconnected digital supply chains, widening the attack surface, maintains Gartner.

Advances have shown a growth in third-party supply chain exposure, Denial of Service and Distributed Denial of Service attacks, ransomware, phishing, injecting security vulnerabilities into development cycles, utilisation of code libraries, attacks on aged, legacy systems, and more recently deep fakes. The latter is where deep learning AI is exploited to replace the likeness of a person with another in video and other digital media. It can be used to tarnish the reputations of enterprises and extort influential business leaders, for example. Gartner maintains that 20% of successful account takeover attacks this year will use deep fakes to socially engineer users to hand over sensitive data or money.

Governments are also already discussing the advancement in quantum computing and the implications of ‘hack now, decrypt later’ attacks that potentially pose substantial security issues. Data is stolen to be hacked later when quantum computing advances. The Department of Homeland Security in the US has already issued guidance to mitigate security risks in quantum computer environments, for example.

Phishing, however, remains the most popular attack in the UK. Of the 39% of UK businesses that identified an attack in 2022, the most common threat vector was phishing attempts, standing at 83%.

Cybersecurity is now an imperative

All of these challenges have created a multitude of simultaneous and magnified problems. Many enterprises are still slow to put strategies in place. According to UK government statistics, only 54% of UK businesses have acted in the past 12 months to identify cybersecurity risk, including a range of actions.

Lack of visibility, alert fatigue from information overload, and insufficient resources, skills, and capabilities can lead to increased security and management costs, system downtime, and failure to comply with regulatory requirements. Not to mention reputational damage and a significant dent in the bottom line.

Make sure security links with business goals

Most enterprises now have recognised the need for a multi-layered security Services approach that optimises technology with people and processes. However, this isn’t enough.

Security needs to be linked through the DNA of the organisation to ensure that it is coordinated with business goals, working seamlessly from top to bottom. In order for organisations to avoid the problems and pitfalls associated with the increasingly complex landscape in which they operate and realise the technological advantages afforded to them, it is important conversations are focused on what they are hoping to achieve and why, and an optimised operating model of how drawn up. In doing so, a multi layered security approach can mitigate risk, address threats, and facilitate business outcomes.

Business is everywhere, security should be too.