Cyber Security Priorities For The New Normal

Uploaded on 2021-09-29 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The COVID-19 crisis has ushered in a new era, filled with challenges for cyber security professionals and while the world has battled a global health crisis, Chief Information Officers (CISOs) were fighting off an unprecedented number of cyber attacks and looking for ways to secure a remote workforce most weren’t prepared to support.

Over the past year, CISOs have had to grapple with the challenges of strengthening their organisation's security posture, minimising risks, and ensuring business continuity in the new normal. 

The Coronavirus has placed an enormous strain on the global economy, and cyber criminals took advantage of that and accelerated their activities and cyber security teams  were challenged to shore up their security posture in the new hybrid  environment characterised by a high level of risky remote working. 

The rise in volumes and sophistication of cyber attacks in the a hybrid working environment has only compounded the challenges and this necessitates a shift in cyber security priorities.

Cyber security has jumped up the list of corporate priorites  which has put CISOs in the hot seat as business leaders worry that it could be their names inthe headlines striggling to explain how a breach occurred. CISOs must focus on security fundamentals, including asset management, password management, cyber hygiene, configuration, patching, threat detection and prevention, user education, reporting and documentation.

Cyber security is a business issue and needs to be treated as one, instead of being looked at as an IT issue. CISOs need to be aware of the business risks. Similarly, the other business leaders need to be aware of the threat landscape, the security risks involved, and the level of investment required to counter them and strengthen the security posture. 

Without a solid foundation investment in cyber security will not yield the intended benefits. 

Organisations must redesign their security defenses in such a manner that it works, with or without the secure, controlled environment of the office premises. 

  • The security solution chosen must offer always-on, multi-layered, intelligent protection against existing and emerging threats.
  • Organisations need to create a culture of cyber security that starts with the CEO. Onle when the organisation's  decison makers display leadership employees are much better motivayed to adopting and maintain effective standards of security in their routine work. 

The level of sophistication of attacks has increased manifold in the past couple of years. Attackers leveraging advanced technology to infiltrate company networks and gain access to mission-critical assets. In this situation, organisations too need to leverage technology such as next-generation WAF, intelligent automation, behavior analytics, deep learning and security analytics to prevent even the most complex and sophisticated attacks. Automation of security processes enables organisations to gain speed and scalability in the broader IT environment with increased attack activity. 

Some 64% of CISOs fear their companies are at risk of a major cyber attack in the coming year and 66% feel their organisation is unprepared to handle it, according to the the 2020 CISO Report from security software maker Proofpoint.

Today,  CISOs need to redesign their security controls and identity and access management policies to reflect the current scenario.

  • CISOs  must have full visibility into connected devices and the rapidly expanding endpoints. They must have updated intelligence on what data is produced by the connected devices, who is connecting to company networks and from where, what are they accessing and exactly what they authorised to access.
  • Another challenge is the rapid adoption of cloud computing by a growing number of organisations and the almost instant surge in the use of public cloud and cloud-native resources driven by remote working. This isn't temporary and it looks like the shift to the cloud  is permanent.

All this means that CISOs need to rethink their security policies to secure the cloud infrastructure. They must deploy new intelligent tools & technology, holistic processes, and comprehensive governance models that provide visibility into the cloud environment and help secure the cloud infrastructure.

Developing Robust Strategy & Tactics

Organisations typically have security incident response plans and business continuity plans. But neither of these factored in the  worldwide impact of Coronavirus.Clearly, the cyber security priorities for 2022 and beyond require CISOs and business leaders to develop robust continuity and resilience plans for such events:- 

  • The effect of the Coronavirus has strengthened the case for creating autonomous teams in a hybrid work environment to ensure increased agility and responsiveness to the relentless pace of change.
  • Email is one of the largest and most vulnerable pipelines for malicious actors to enter an organisation and compromise its data. 2020 clearly showed that more than 20% of known threats routinely executed some form of an email-based phishing attack against industry networks. 

The cyber security priorities for 2022  provide a route map for how CISOs can redesign their organisation's cyber  security to be better equipped for the future.

For more specific cyber training suggestions please contact Cyber Security Intelligence for advice and recommendatsion  about cyber security employee training.

The Hacker News:     CSO Online:       Proofpoint:     Techtarget:     ArcServe:      CBI Secure

You Might Also Read:

Cyber Security Resolutions: (£)

 

« Europol Breaks Open Mafia Cyber Crime Group
Treason: Top Cyber Security Executive Arrested »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

FDM Group

FDM Group

FDM Group is an international Professional services company with a focus on IT. Services offered include Software Testing, and Information Security with a focus on operational security and compliance.

Copenhagen FinTech

Copenhagen FinTech

Copenhagen FinTech is a centre for R&D and innovation in the Danish finance IT sector. Focus areas include cyber security and payments platforms.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

Fraugster

Fraugster

Fraugster provides the most precise anti-fraud solution for e-commerce businesses.

National Cybersecurity Preparedness Consortium (NCPC) - USA

National Cybersecurity Preparedness Consortium (NCPC) - USA

The mission of the NCPC is to provide research-based, cybersecurity-related training, exercises and technical assistance to local jurisdictions, counties, states and the private sector.

Transpere

Transpere

Transpere provides IT Asset Disposition (ITAD), Data Destruction, Electronic Recycling and Onsite Data Services.

Nokia

Nokia

Nokia is a proven leader in fixed, mobile and IoT security offering capabilities that range from systems design to integration and support.

MyDocSafe

MyDocSafe

MyDocSafe is an all-in-one document security and e-sign software.

1Password

1Password

1Password combines industry-leading security with award-winning design to bring private, secure, and user-friendly password management to everyone.

West Midlands Cyber Resilience Centre (WMCRC)

West Midlands Cyber Resilience Centre (WMCRC)

The East Midlands Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Xcelerate Solutions

Xcelerate Solutions

Xcelerate Solutions is a leading defense and national security company, providing integrated solutions in three service areas – Enterprise Security, Digital Transformation, and Strategic Consulting.

Superna

Superna

Superna is the global leader in data security and cyberstorage solutions for unstructured data, both on-prem and in the hybrid multi-cloud.

Securily

Securily

Securily offers the ultimate solution for small to medium-sized businesses, blending cutting-edge AI with expert human insight to deliver the world’s easiest and most effective pentesting experience.

PureID

PureID

Protect your enterprise with PureAUTH #IAMFirewall, Resilient SSO platform, purpose built to provide Passwordless Authentication & Zero Trust Access, by default.

Dream

Dream

Dream is developing an AI platform that enables cyber resilience and protects nations from hostile nation-states cyber attacks.