Cyber Security Strategies Need To Evolve Alongside The Enterprise

Uploaded on 2023-02-23 in TECHNOLOGY--Resilience, FREE TO VIEW

It wasn’t until recently that the C-suite could have long discussions surrounding technology solutions and strategies without having to give security a second thought. Today, however, that’s almost unfathomable. 

Where the pandemic induced a transition to hybrid working out of necessity, operational changes were initially additive. The mindset was one of temporary solutions to temporary challenges - employees needed frictionless computing, so companies would introduce applications and infrastructure in the interim that would ensure productivity could continue in a remote setting.  

Now that we have a clearer view of where and how people will work, this approach has had to change. For hybrid and remote models to be secure and sustainable, new structures need to be developed that work for everybody – wherever they are and however they’re working – while also keeping data safe and secure. 

No longer is security a case of protecting one specific network for the company; the hard-shell perimeter of the office.

As well as threat actors continually evolving their methods to circumvent existing security frameworks, organisations now need to protect substantial digital asset bases and business-critical applications extending across increasingly connected global networks.  

Security Is A Growing Consideration 

This changing state of play has allowed security to knock loudly on the front doors of the business decision makers.  It is now a key strategic consideration. Indeed, there is little point in a company implementing a solution designed to enhance productivity if that very same solution undermines security and leaves firms exposed to suffering financially crippling breaches – indeed, according to IBM, the average cost of a breach in 2022 was $4.24 million.  

Security teams now need to adapt and align their approaches to ensure they are considering the wider needs to the business and their colleagues. Much of this is about communicating more openly and actively, and in understandable ways, to ensure everyone is up to speed on key cyber trends.  

Protecting the enterprise needs to be the responsibility of everybody. Organisations today hold lots of information in a variety of formats, stored across different departments using different solutions. Not only is this information vital to an enterprise (intellectual property) and its customers (personal and financial data), but it often may be data belonging to third parties (customers, business partners, suppliers, etc). 

To mitigate this risk, it is critical that a cybersecurity workplace culture is created – where security becomes a primary consideration all aspects of operations; part and parcel of how work is done.  

Building A Better Understanding Works Both Ways 

CISOs need to be on the ground as much as they are in the boardroom, gaining a comprehensive understanding of potential risks that hybrid working could pose. For example, those working from home may be leveraging networks with outdated and exploitable factory settings, devices may not be updated in a timely fashion, preventing the patching of vulnerabilities that attackers can utilise. And shadow IT is also a problem, where staff members may be using unmanaged, unprotected devices to access sensitive data on corporate networks. 

Security should be easy to embrace - if it is not, it will be ignored or even worse circumvented. If security requires end users to jump through additional layers of red tape or suffer process changes or loss of performance in order to do their job, they will find ways to operate that work for them that remove those barriers such as using personal devices and creating potentially invisible backdoors into the organization.  

Understanding Behaviours To Reduce Risk Factors   

Critically, CISOs must recognise that an understanding of the social, economic and mental health impacts of workers is required in a hybrid environment to reduce social engineering risk factors. By identifying and targeting common psychological triggers and gaining the trust of the potential target, attackers are finding greater success in overcoming individuals’ natural defensive instincts. 

Ensuring employees are aware that these are the sorts of tactics that can be employed is vital. Showing highly advanced spear phishing examples can be a way of instilling a more conscious mindset. 

Critically, as the lines begin to break down between security and the wider business, the opportunities need to maximise in this way. By adapting security strategies to meet the needs of users and better address growing threats simultaneously, firms can ensure all employees become patrons of security - not the individuals undermining it.  

Mark Guntrip is Senior Director of Cybersecurity Strategy at Menlo Security

You Might Also Read:

Under Pressure - Can CISOs Avoid Burnout?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cybersecurity & The New Space Race
Digital Platform Regulation - Impossible? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC is a cyber security research and development and training centre

SERMA Safety & Security (S3)

SERMA Safety & Security (S3)

SERMA Safety & Security provides a comprehensive cybersecurity offering incorporating Expertise, Evaluation, Consultancy and Training, covering hardware, software and information systems.

Blockchain Slovakia

Blockchain Slovakia

Blockchain Slovakia is a non-profit organization that brings together researchers, developers, entrepreneurs, regulators, investors and the public to support blockchain technology in Slovakia.

Maticmind

Maticmind

Maticmind is an ICT System Integrator providing solutions and specialized skills in Networking, Security, Unified Communications & Collaboration, Datacenter & Cloud and Application.

Aiuken Cybersecurity

Aiuken Cybersecurity

Aiuken is an international IT Security company, focused on communications and IT technologies, specialised in Security and Cloud Services solutions with high added value.

MENAInfoSecurity

MENAInfoSecurity

MENAInfoSecurity is a regional leader in information security solutions, assurance services and managed services.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

Cyber Polygon

Cyber Polygon

Cyber Polygon is an annual online exercise which connects various global organisations to train their competencies and exchange best practices.

Intrinium

Intrinium

Intrinium is an Information Technology and Security Solutions company, providing comprehensive consulting and managed services to businesses of all sizes.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

Adit Ventures

Adit Ventures

Adit Ventures is a venture capital firm with a focus on dynamic growth sectors including AI & Machine Learning, Big Data, Cybersecurity and IoT.

Precursor Security

Precursor Security

Precursor Security are information security specialist, delivering all aspects of Security testing, Cyber Risk Management, and Continuous Security Testing.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

Theos Cyber Solutions

Theos Cyber Solutions

Theos Cyber provides service-first cybersecurity solutions to digital businesses in Asia.

Convergence Networks

Convergence Networks

Convergence Networks is one of North America's leading Managed Services & Security Providers.

Cyphershield

Cyphershield

Cypershield is a Security and Smart Contract audit company providing professional smart contract auditing services for varied Crypto projects.