Cyber Security In An Ever-Growing Digital World 

Uploaded on 2023-06-01 in TECHNOLOGY--Resilience, FREE TO VIEW

 Digitalisation brings a whole new and complex data network to protect, harness, control and manage. Due to technological advances, data no longer travels in the simple and linear journey that was historically between organisations and applications.

Now, data is transacted in several additional ways, including between humans and artificial intelligence, between trade and transactions and between firms and nations, all resulting in a digital divide at a global scale. As more data-driven infrastructure technologies are introduced, the risk of cyberattacks increases.

Digital transformation is rapidly accelerating. The global digital transformation market is projected to grow from $2.27 trillion in 2023 to $8.92 trillion by 2030, according to a report by Fortune Business Insights. Businesses use technologies such as cloud computing, SaaS, IoT, remote/hybrid working, and mobile devices to increase productivity and improve customer experience. However, the rapid expansion of digital transformation results in an exponential increase in the potential attack surface for cybercriminals, making it increasingly difficult for organisations to monitor, detect, and respond to threats promptly. 

Threat Implications

While the collective move to digitalisation is positive, change always brings a certain degree of risk. We've already seen that the rise of eCommerce in recent years has attracted cyber criminals in their droves. According to Juniper Research, eCommerce losses to online payment fraud were estimated at 41 billion US dollars globally in 2022, and this is expected to grow further to 48 billion US dollars in 2023. Transformation as we know it usually manifests itself as a singular occurrence, but digital transformation will more than likely accelerate throughout 2023 and beyond, continually evolving and inevitably resulting in more attacks.

However, digital transformation can put some businesses at a disadvantage in meeting cybersecurity expectations regarding technological and financial capability.

If this is the case, organisations should re-evaluate their security needs, cutting back on those expenses that aren't required and re-investing in more streamlined solutions capable of providing modern support. For example, organisations could outsource to a Managed Detection and Response (MDR) service. This would enable an organisation to tap into market-leading security technologies and expertise without the expensive subscriptions and wage needed to reach the same level of security maturity in-house. 

The Role Of Cloud In The Digital World

As cloud technologies provide the backbone of this digital divide, it's clear that cloud adoption will continue to advance by driving business performance and providing agility. SaaS and IaaS models power many cloud transformations, and the number of new interactions between applications in the enterprise continues to expand. As a result, organisations will inevitably add more third-party SaaS and IaaS providers to their technology stack, so having a solid third-party security posture will be crucial.

This means that cyber-attacks on centralised cloud services will have a more significant impact, as we will experience threat actors taking advantage of misconfigured APIs to exploit private data at an unprecedented scale.

This can lead to core software code repositories becoming compromised, impacting thousands of organisations across the globe. With the increase of applications comes the increasing implementation of container security automation, a feasible strategy to maintain secure and compliant cloud-native container environments. 

Getting The Fundamentals Right

The increase in digital technologies has meant that the number of individual digital assets has also grown exponentially. Therefore, securing these assets and their communication is critical for data security. 

Historically, Identity and Access Management (IdAM) has been essential in delivering successful digital services, however, we've seen that many organisations have been complacent in this field. Some businesses are not monitoring which identities are being used and not keeping up with the removal of those that are not - exposing a huge gap in the security infrastructure, and one that could be avoided. 

To resolve this, businesses can implement zero-trust models using policy-as-code, blocking all unauthorised run-time network, process, and file activities as default protection. No single tool can create a zero-trust environment. A combination of SASE (Secure Access Service Edge), network segmentation and IdAM must be employed to reach this goal. There will be a series of additional smaller steps that organisations can take to ensure the maintenance and enhancement of zero-trust frameworks. Third parties become an extension of businesses, so zero-trust and other necessary security steps need to extend to them. It will also be critical to monitor transaction-level instances to ensure that access is controlled and managed appropriately.

What Does The Future Hold?

We must return to basic cyber hygiene to continue and reinforce cyber resilience. Greater regulation, security frameworks, and national resilience strategies should be implemented globally. CISOs need to recalculate their understanding of the internal and external threat profile, evaluate cybersecurity risks, reshape protection strategies, and develop a core security team that can demonstrate a resilient response to cyber-attacks. 

We must address the skills gap shortage as part of looking forward and planning. Digitalisation means we will automatically need more autonomy. However, contrary to popular opinion, the answer to this isn't replacing humans but hiring talent with automation and security engineering skills that will supplement existing capabilities.

Much like an annual spring clean, businesses must now also clean up and ensure everything is set and in its rightful place before they can move forward. 

Carl Shallow is Head of Cyber Security Advisory at Integrity360

You Might Also Read: 

How Can We Realise Cyber Resilience Through Education?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Microsoft 365 Under Threat From A New Phishing Tool
Lawyer Admits To Using ChatGPT  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

Airbus Cybersecurity

Airbus Cybersecurity

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military and critical national infrastructure enterprises from cyber threats.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

FoxGuard Solutions

FoxGuard Solutions

FoxGuard Solutions develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

R2S Technologies

R2S Technologies

R2S can help you implement a cyber security framework to ensure your business is more resilient towards the growing threat of cyber crime. We provide Web and Mobile Application Security Assessment..

Keynetic Technologies

Keynetic Technologies

Keynetic focuses on developing cybersecurity solutions for Industry 4.0.

PhishX

PhishX

PhishX is a SaaS platform for security awareness that simulates Cyberthreats, train people, while measure and analysis results, reducing Cybersecurity risks for People and Companies.

Leadcomm

Leadcomm

Leadcomm is a Brazilian company focused on the distribution and integration of IT systems and security solutions for large companies.

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative is an information security and cyber security company with 40-plus years of experience across industry & government.

Tapestry Technologies

Tapestry Technologies

Tapestry Technologies supports the Department of Defense in shaping its approach to cybersecurity.

Avertro

Avertro

Avertro helps leaders manage the business of cyber. We help explain cybersecurity to executives, forecasting outcomes, right-sizing your spend, and validating your cyber strategy.

ServerScan

ServerScan

ServerScan specializes in providing server scanning & compliance services to organizations of all types and sizes.

Inspectiv

Inspectiv

Inspectiv offers a turn-key solution to continuously identify security vulnerabilities and provide security assurance.

Tyto Athene

Tyto Athene

At Tyto Athene, we harness the power of technology to provide solutions that shape the future.