Cyber Security In An Ever-Growing Digital World 

Uploaded on 2023-06-01 in TECHNOLOGY--Resilience, FREE TO VIEW

 Digitalisation brings a whole new and complex data network to protect, harness, control and manage. Due to technological advances, data no longer travels in the simple and linear journey that was historically between organisations and applications.

Now, data is transacted in several additional ways, including between humans and artificial intelligence, between trade and transactions and between firms and nations, all resulting in a digital divide at a global scale. As more data-driven infrastructure technologies are introduced, the risk of cyberattacks increases.

Digital transformation is rapidly accelerating. The global digital transformation market is projected to grow from $2.27 trillion in 2023 to $8.92 trillion by 2030, according to a report by Fortune Business Insights. Businesses use technologies such as cloud computing, SaaS, IoT, remote/hybrid working, and mobile devices to increase productivity and improve customer experience. However, the rapid expansion of digital transformation results in an exponential increase in the potential attack surface for cybercriminals, making it increasingly difficult for organisations to monitor, detect, and respond to threats promptly. 

Threat Implications

While the collective move to digitalisation is positive, change always brings a certain degree of risk. We've already seen that the rise of eCommerce in recent years has attracted cyber criminals in their droves. According to Juniper Research, eCommerce losses to online payment fraud were estimated at 41 billion US dollars globally in 2022, and this is expected to grow further to 48 billion US dollars in 2023. Transformation as we know it usually manifests itself as a singular occurrence, but digital transformation will more than likely accelerate throughout 2023 and beyond, continually evolving and inevitably resulting in more attacks.

However, digital transformation can put some businesses at a disadvantage in meeting cybersecurity expectations regarding technological and financial capability.

If this is the case, organisations should re-evaluate their security needs, cutting back on those expenses that aren't required and re-investing in more streamlined solutions capable of providing modern support. For example, organisations could outsource to a Managed Detection and Response (MDR) service. This would enable an organisation to tap into market-leading security technologies and expertise without the expensive subscriptions and wage needed to reach the same level of security maturity in-house. 

The Role Of Cloud In The Digital World

As cloud technologies provide the backbone of this digital divide, it's clear that cloud adoption will continue to advance by driving business performance and providing agility. SaaS and IaaS models power many cloud transformations, and the number of new interactions between applications in the enterprise continues to expand. As a result, organisations will inevitably add more third-party SaaS and IaaS providers to their technology stack, so having a solid third-party security posture will be crucial.

This means that cyber-attacks on centralised cloud services will have a more significant impact, as we will experience threat actors taking advantage of misconfigured APIs to exploit private data at an unprecedented scale.

This can lead to core software code repositories becoming compromised, impacting thousands of organisations across the globe. With the increase of applications comes the increasing implementation of container security automation, a feasible strategy to maintain secure and compliant cloud-native container environments. 

Getting The Fundamentals Right

The increase in digital technologies has meant that the number of individual digital assets has also grown exponentially. Therefore, securing these assets and their communication is critical for data security. 

Historically, Identity and Access Management (IdAM) has been essential in delivering successful digital services, however, we've seen that many organisations have been complacent in this field. Some businesses are not monitoring which identities are being used and not keeping up with the removal of those that are not - exposing a huge gap in the security infrastructure, and one that could be avoided. 

To resolve this, businesses can implement zero-trust models using policy-as-code, blocking all unauthorised run-time network, process, and file activities as default protection. No single tool can create a zero-trust environment. A combination of SASE (Secure Access Service Edge), network segmentation and IdAM must be employed to reach this goal. There will be a series of additional smaller steps that organisations can take to ensure the maintenance and enhancement of zero-trust frameworks. Third parties become an extension of businesses, so zero-trust and other necessary security steps need to extend to them. It will also be critical to monitor transaction-level instances to ensure that access is controlled and managed appropriately.

What Does The Future Hold?

We must return to basic cyber hygiene to continue and reinforce cyber resilience. Greater regulation, security frameworks, and national resilience strategies should be implemented globally. CISOs need to recalculate their understanding of the internal and external threat profile, evaluate cybersecurity risks, reshape protection strategies, and develop a core security team that can demonstrate a resilient response to cyber-attacks. 

We must address the skills gap shortage as part of looking forward and planning. Digitalisation means we will automatically need more autonomy. However, contrary to popular opinion, the answer to this isn't replacing humans but hiring talent with automation and security engineering skills that will supplement existing capabilities.

Much like an annual spring clean, businesses must now also clean up and ensure everything is set and in its rightful place before they can move forward. 

Carl Shallow is Head of Cyber Security Advisory at Integrity360

You Might Also Read: 

How Can We Realise Cyber Resilience Through Education?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Microsoft 365 Under Threat From A New Phishing Tool
Lawyer Admits To Using ChatGPT  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Portnox

Portnox

In 2007, Portnox set out to create one of the world’s easiest to use, most loved, value-driven network security solutions — and our customers will tell you we’ve succeeded.

Bastille

Bastille

Bastille’s patented software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, IoT) in your organization.

NICE Systems

NICE Systems

NICE Systems provide software solutions to ensure compliance, fight financial crime, and safeguard people and assets.

PartnerRe

PartnerRe

PartnerRe provides multi-line reinsurance to insurance companies on a worldwide basis. Services include Cyber Risk.

ISGroup (Information Security Group)

ISGroup (Information Security Group)

ISGroup services include network penetration testing, Web application penetration testing, ethical hacking, vulnerability assessments, code review and associated training.

Altron

Altron

Altron provides locally relevant innovative and integrated ICT solutions to business, government and consumers.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

Apozy

Apozy

Apozy replaces a secure web gateway to nullify phishing, malware and impersonation attacks.

SWAT Systems

SWAT Systems

SWAT Systems is an IT support and cyber security managed service provider.

Global EPIC

Global EPIC

Global EPIC is an international cybersecurity initiative designed to combat growing world challenges by facilitating global collaboration in the field of cyber security.

Techfusion

Techfusion

Techfusion is a cyber security research and consulting firm focusing on digital forensics and data recovery.

Stairwell

Stairwell

Stairwell is building a new approach to cybersecurity around a vision that all security teams should be able to determine what’s good, what’s bad, and why.

SecureOps

SecureOps

SecureOps is transforming the Managed Security Service Provider industry by providing tailored cybersecurity solutions proven to protect organizations from cyberattacks.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.

Calamu

Calamu

Calamu is a software-defined storage security and resiliency platform that keeps your data secure and accessible wherever you choose to store it.