Being able to retain customer (opens in new tab) trust has never been more important – or more difficult – following the events of 2020. With so much disarray and widespread changes to working patterns, such as the mass migration to remote working (opens in new tab), the job of keeping businesses secure has never proved such a challenge.
Between more sophisticated cybercriminals and immense pressure to ensure governance on compliance, 2021 is already shaping up to be a minefield. And as such, cybersecurity has risen to the top of most organizations’ agendas.
It can be difficult to determine where to start when it comes to cybersecurity (opens in new tab). So here are three areas every business should be thinking about when addressing their data (opens in new tab) protection challenges.
1. Watch out – dark clouds are on the horizon
Businesses haven’t been the only ones accelerating their digital transformation over the past year – cybercriminals have been hard at it too.
There has been a sharp rise in ‘Dark Clouds’ as cybercriminals have migrated to the cloud, often for the same reasons businesses have – cloud computing (opens in new tab) allows them to avoid big up-front capital expenses, paying monthly for their shady businesses, and scaling up only when they need to. Coupled with the ability to access information from anywhere, it’s no wonder we’re seeing cybercriminals innovate.
This ranges from cloud-based caches filled with stolen user data such as email (opens in new tab) addresses and authentication credentials, to personal identifiable information (PII) such as scans of passports, driver’s licenses and bank invoices.
Data exfiltration has become so valuable it’s now the backbone of all cyberattacks. And it may only take one breach to ruin your reputation and relationship with your customers.
That’s why not having an effective cybersecurity program in place puts your business continuity at risk. Because, you’re either going to be one of those proactive organizations aggressively looking to strengthen your systems ahead of time, or the other type of business that’s not doing that – and becoming more vulnerable with every passing day.
2. Team up – cybersecurity has turned personal
Between collaborating cybercriminals, the upwards trajectory of data growth and the distributed workforce, the risk factor for every business is accelerating.
This is one reason why we expect to see most businesses increase their general IT spending by around 5-10% this year, despite the economic impact of the pandemic. And we anticipate that most of that allocation will go towards IT security. But even with these investments, it won’t be enough to cover all the potential threat vectors. So, businesses will still be forced to place strategic bets across their people, processes and technology in the hope of covering their weakest points.
For example, will you invest in the education of employees (opens in new tab) (after all, people are always going to be the biggest weakness), or put that money into optimizing and securing processes by investing in a Security Operations Centre (SOC)? Or, will new technology be the most effective investment?
It’s impossible for every business to get this mix perfectly right, so business leaders need to also strategize how best to avoid cyberattacks. Too often, businesses expect their security team to handle this. But, most of the time, this leads to an over-reliance on IT professionals who are already stretched thin by constantly putting out fires. They don’t also have the time to develop this strategy.
That’s why making sure every member of the company plays in the cybersecurity challenge is key. For example, while employees may be a business’ biggest weakness, they also form the ‘human firewall’ and need to be equipped to do just that – which takes education. But don’t let the collaboration (opens in new tab) end there – your entire ecosystem of peer-like organizations, experts, suppliers, vendors and even the government should be aligned and geared towards combating this threat.
Cybercriminals are already working together on a large scale, sharing information about critical vulnerabilities, breached systems and targets extremely fast. So, don’t fight alone; work with contacts in the relevant authorities, whether that’s the Information Commissioner’s Office (ICO), industry bodies, or even speaking to similarly sized organizations in other sectors, to figure out how to best utilize risk management models and resiliency plans.
By ensuring you follow government regulations, the increased alignment and information sharing between the government and private organizations will help speed up the identification of threats and lead to faster resolutions.
3. Gear up – look to hybrid security and intelligent backup to stay ahead
Technology is always going to be the heart of your cybersecurity fight, but no one product is going to maximize your cybersecurity state – you need to invest in your desired outcome. To do that, organizations need to look for software-defined models integrated with external services – a hybrid security approach.
This includes cloud-based software such as PenTesting-as-a-Service (PtaaS), Scanning-as-a-Service (ScaaS), Network Defense-as-a-Service (NDaaS), Disaster Recovery-as-a-Service (DRaaS (opens in new tab)) and Backup-as-a-Service (BaaS).
A hybrid security approach which has your internal security teams connected to external cybersecurity experts and law enforcement will keep you the most secure, while also helping raise the experience level of your security teams.
Conversely, backup should play a bigger role within organizations. It not only gives organizations the ability to restore and forensically analyze data in the event of a breach, but in a world that’s becoming more critically reliant on ballooning data stores to improve customer experience, backup can help better utilize it.
We’re already seeing some organizations combine application owners, backup, analytics (opens in new tab) and security teams in a new (virtual) data management team. This way, they can tackle the challenges around exposed data, service level expectation and risk growth in the most beneficial and economical way.
Ultimately, for businesses to really keep up with their growing data and continue to derive useful insights from it, they will need to invest in tools powered by Machine Learning (opens in new tab) (ML) and Artificial Intelligence (opens in new tab) (AI) to speed up data extraction and analysis processes. As these technologies are also significant weapons in cybersecurity as well aiding in data-driven decision-making, their adoption is expected to grow at a rapid pace and will add tremendous intelligence and power to the fight.
At its crux, the takeaway here is that in getting prepared for cyberthreats, you will also be putting your business ahead of competitors and boost your productivity. So, don’t just choose a supplier or buy a new product – build an ecosystem that will stand by your side when the cybersecurity battle starts to heat up.
- Edwin Weijdema is Global Technologist, Product Strategy at Veeam (opens in new tab).
- We've featured the best cloud storage (opens in new tab).