Coping with organisational cybersecurity challenges today
Cyber attacks have been on the rise for the last few years, and the shift to remote work that accompanied the pandemic has worsened the situation. Data from 2021 indicates that cyber attacks increased by over 50 percent year on year, with organisations facing between 800 and 1,000 attacks weekly, or even more depending on their location and industry. And these attacks are very costly. A single ransomware attack today, for example, can cost an organisation upwards of $2 million.
“The acceleration of digital transformation in organisations and the shift to work from home have created a broader surface attack area and more valuable data,” explained Lucas Salter, General Manager for the data protection solutions division at Dell Technologies Asia Pacific and Japan. “That increases the benefit to cyber criminals. The environment has gotten more complex, the problem has gotten more complex, and it's not going away.”
People Matters caught up with Salter to ask for his perspective on what organisations are doing to cope and what else they can do in an era of heightened cyber danger. Here are the highlights of the conversation.
You're working with organisations across a wide range of industries. What are you seeing in terms of their attitudes toward cybersecurity today?
We are generally seeing attitudes of heightened awareness, where they are looking at how to potentially sustainably solve the problem or stay ahead of the problem. But we also still see some organisations that think they are not at risk because they're not a bank or a critical infrastructure organisation. In reality, we are seeing every vertical in every industry attacked without discrimination.
Investment in cybersecurity is also increasing. In Asia Pacific and Japan, IDC forecasts that the compound annual growth rate of cybersecurity spending up until 2025 will be greater than 14%. That double-digit increase in spending demonstrates that organisations realise there's a gap between their capabilities and their needs, and they are trying to do something more to solve the problem.
The challenge that they have is that it's a complex problem to solve, but they are facing a resource shortage in security skills, and in some cases, they are trying to do it with a flat to declining budget.
The shortage of cybersecurity talent comes up a lot today, even more so than the already well-known problem of tech talent in general. What do you see organisations doing to cope?
Since hiring is a challenge, they are turning to outsourcing. They are looking to extend their partnerships with organisations that can help them solve the problems at a bigger scale and leverage shared services. So, service providers like what we do at Dell, but also industry-level organisations and government-driven initiatives.
Security is a problem that everybody experiences, and so organisations are increasingly deriving a more collaborative approach with both industry and government to attempt to do more with less.
As a cybersecurity provider, what kind of asks are you seeing from organisations today?
More organisations are adopting a cyber resilience approach over and above cybersecurity alone. They are recognising that it's no longer a matter of whether they are compromised, it's a matter of when, and so their ability to respond and recover – to be resilient – in the face of a successful cyber attack is the determining factor as to how successful they will be in continuing to deliver services to their customers, or if they are in the public sector, their citizens. So organisations are looking for the capabilities and services that solve for an entire cybersecurity framework. They want to be able to drive a holistic strategy for both cybersecurity and cyber resilience.
When we think about cybersecurity strategies, prevention is always going to be better than cure. However, the industry has acknowledged that 100 percent prevention is not something that can necessarily be achieved. So what we're seeing now is that organisations are shifting some of their investment over to minimising or mitigating the impact of a successful cyber attack as a way of enhancing their business continuity strategy. In other words, they are including a cyber attack as a potential disaster to be planned for.
What should continuity after a cyber attack look like – what should the objective be?
Firstly, organisations need to get their services back up and running. Whatever services they might provide – banking, health care, even if it is something less critical, they need to be able to get those services available and accessible as quickly as possible.
Next, cyber attacks impact data. And so a fundamental challenge that organisations will face is getting those services back up and running, fast, and with integrity, to ensure that their data isn't compromised. For example, if a health care organisation has been impacted by a cyber attack, they would need to ensure that their patient data is recovered with integrity and is in its unchanged form from when it was originally written.
Around those central issues of service restoration and access, you have the public relations aspect and of course the workforce aspect.
Response and recovery at speed, with integrity, is really important for any organisation to maintain the trust, brand and reputation of their customers or citizens, and also to enable their workforce to continue to work.
If an organisation is out to ramp up its cybersecurity capabilities, what are some do's and don'ts to begin with?
1. Patch your systems
2. Educate your employees
3. Understand where your data is and how it's being managed
4. Identify critical systems and assets to ensure that they are sufficiently protected
5. Work with your service providers to mitigate the risk of supply chain compromise and vulnerabilities outside of your control
6. Build out a cybersecurity strategy that leverages a known cybersecurity framework, and work with the guidance of your industry or country regulators
7. Ensure that you have a plan for the availability and recovery of your systems and data in the event of a cyber attack
You should also consider capabilities such as network segmentation, multi-factor authentication, and a zero trust framework and strategy.
Out of these areas, the ones to focus on would be employee education, patching your systems as fast as possible, leveraging multi-factor authentication, developing a plan for a zero trust framework, and building out a resilience and recovery strategy for your critical systems data.
Employee education in particular would include encouraging your employees to take a risk-based approach to how they go about their business, their data, and their interactions with technology. A lot of this is common sense: if you receive an email that looks suspicious, report it to your organisation and don't click on it. If you see a USB drive lying around, report it to your organisation; don't put it in your laptop.
In today's world, people are operating at an unprecedented pace and scale. We are using more messaging services, we have more valuable data in our control, and we are constantly leveraging technology. And so people need to stay alert. We need to have robust security practices in place, keep our eyes on vulnerability and patch management, and ensure that we have a very sound last line of defense in place to ensure availability and recovery of data with integrity if and when they need it.