Cybersecurity has improved over the years with the introduction of innovative solutions and collaboration among security professionals and organizations. However, the challenges are endless and it only makes sense to address them with continuous evolution and improvements.
ISACA’s State of Cybersecurity 2021 report shows that cybersecurity awareness has risen, but the number of cyber-attacks has also increased. The report suggests the need for cybersecurity maturity among organizations. There have been improvements when it comes to the security controls installed and the desire among organizations to become more secure, but serious threats refuse to go away.
In 2021, how are organizations facing the new challenges in cybersecurity especially with the rise of more sophisticated and aggressive attacks? What lessons on cybersecurity have been imparted by 2021 so far?
Continuous Security Validation Is A Must
It is not enough to simply have the right security controls in place. Every security posture should have security testing or validation as a critical component. Security tools and measures mean nothing if they do not actually work in the face of an actual cyber attack. Hence, there is a need for security validation, but it’s not merely security testing but continuous security validation with extended security posture management.
The range of cyber threats that can affect an organization never stays the same. As cybercriminals tweak or retool their attacks to evade security controls, it is possible for vulnerabilities to open up. Temporary weaknesses in cyber defenses, even in just a matter of minutes, are enough for bad actors to exploit vulnerabilities and introduce malicious software and other attacks that can serve as the initial stages of bigger and more complex assaults later on.
It is encouraging to see that many cybersecurity platforms are already taking security validation seriously. Many are assessing and improving their security posture with the help of advanced techniques including purple teaming and breach and attack simulation. Additionally, global cooperation through initiatives like the MITRE ATT&CK framework significantly help organizations in more effectively and efficiently spotting threats and addressing them promptly.
Accelerated Cloud Adoption Equals More Security Risks
As more organizations embrace cloud computing, it is inevitable for new vulnerabilities and threats to emerge. The cloud certainly brings advantages with it, but it also stirs new challenges especially in terms of security. A report on the state of cloud adoption in 2021, indicates the need for more secure cloud infrastructure and expertise.
Three takeaways that stand out in the study are as follows:
- 83 percent of organizations agree that cloud-based development and deployment are crucial IT priorities in 2021
- 53 percent say that security is a challenge that should be addressed while 54 percent say that integration with on-prem technologies is important in developing cloud applications.
- 92 percent of organizations that build more than 75 percent of their apps on the cloud express interest in solutions that automate proactive security and compliance.
It is clear that more enterprises are moving to the cloud, and they acknowledge that doing so entails more risks and the need to align their technologies with a new infrastructure. It is not coincidental that security firms are responding to this need as they make their cybersecurity platforms more in tune with the need to operate on the cloud and address the security complexities of unfamiliar new arrangements and configurations.
Organizations need a cybersecurity validation system that ensures visibility across the full cyber kill chain. An organization’s security testing approach should see to it that the entire IT environment, cloud initiatives, as well as critical or sensitive data are kept secure at all times.
Cybersecurity Interdependence
As organizations embrace globalization and the need to operate in different locations, they need to contend with the complexities of their IT systems. Add to this the ubiquitous use of web-enabled devices, including IoT, that form part of the IT networks of global businesses. There’s also the rise of the remote work setup, which further amplifies the complexities of organizational IT.
The World Economic Forum (WEF), in its Davos Agenda 2021, cites the need for an all-inclusive and cross-collaborative process to ensure the protection of an entire IT ecosystem. No single branch, department, or unit can be made solely responsible for the cybersecurity of an organization, especially for one that operates across different geographic locations.
“The ecosystem is only as strong as its weakest link. The recent attacks against FireEye and SolarWinds highlight the sensitivity of supply chain issues and dependence on providers of IT functionality and services. Organizations must consider what the breadth of this exposure really means and must take steps to assess the real extent of their entire attack surface and resilience to threats,” write WEF Strategic Initiatives Lead Algirde Pipikaite et al in their article for the Davos Agenda.
It is important for everyone to become a part of the cybersecurity of the entire organization. Orientation or training sessions should be provided. Also, it is advisable to have a unified cybersecurity platform that enhances security visibility and minimizes the possibility of having unaddressed vulnerabilities and overlooked breaches.
Lack of Cybersecurity Expertise
Another important challenge mentioned in The Davos Agenda 2021 is the lack of cybersecurity expertise. This coincides with the study conducted by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG), which says that 57 percent of organizations have been affected by the shortage of cybersecurity skills.
Also, the study reports that this shortage has resulted in increased workload among cybersecurity teams, a high job burnout rate, and unfilled vacancies for cybersecurity posts. “Further, 95% of respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 44% say it has only gotten worse,” the report writes.
To address this challenge, organizations are expected to come up with a proactive plan for their businesses to establish their own cybersecurity workforce. The training and investments in additional hardware and software may not be cheap, but they are crucial in having an effective security posture. Organizations need to look at the long-term benefits and the broader cybersecurity picture.
Alternatively, organizations can rely on third-party cybersecurity platforms run by security experts with years or decades of experience in the field and access to the best technologies useful in keeping up with the evolving threat landscape.
Facing Off With The Persistent Challenges
Given the lingering impact of the pandemic, it can be said that nothing much has changed when it comes to the cybersecurity challenges organizations are facing. The need for continuous security testing, the growing complexities of the networks that need to be secured, and the shortage of security experts continue to rattle organizations worldwide. However, the rise of innovative security solutions and the growing awareness of the importance of solid cybersecurity among organizations provide an optimistic silver lining for everyone.
Follow Techdee for more!