The amount of cyberattacks has increased significantly over the last year. However, in spite of this, nearly 9 out of 10 companies (87%) don’t have sufficient budget to implement totally effective cybersecurity systems. This is according to the Global Information Security Survey, carried out by the consulting firm EY. In fact, 55% of the executives surveyed by EY don’t take cybersecurity into account as a vital part of their business strategy.
Disregarding the security of devices and corporate networks can be extremely dangerous for companies of any size. Aside from the financial costs stemming from repairing systems and the interruption of business activities, a lack of effective protection can seriously dent a company’s standing. We’re going to take a look at the state of corporate cybersecurity according to EY’s report, and discover what measures we can take to safeguard our systems.
In search of more efficient cybersecurity
The study states that 77% of organizations are currently seeking to move beyond more basic cybersecurity measures. Organizations are still working on the essential points in their strategies. At the same time, they are reconsidering their approaches, along with their IT infrastructure, in order to make their solutions more efficient. According to the report, part of this effort is considering and implementing solutions that make use of artificial intelligence, robotic process automation, analytics and more, to increase the security of their key assets and data. More specifically, companies have shown great interest in tools based on machine learning to detect and prevent attacks with and without malware.
EY confirms that there is still a lot of room for improvement: just 1 in 10 organizations say their current security solutions fully meet their needs. What’s more, many are worried that essential improvements are still not underway. However, organizations recognize that these security practices are unlikely to be stepped up unless they suffer a data breach or some kind of incident that has a negative impact on their business. Waiting for an attack to happen is a common, but highly inadvisable practice that can shake the whole company to its core. As we’ve seen many times, companies must never limit themselves to acting after an incident happens. This is why activities such as threat hunting are gaining in popularity: they monitor, analyze and detect anomalous behaviors in order to get ahead of threats.
The study reveals that the most common threats start with phishing attacks or rely on different kinds of malware. The costs resulting from a lack of protection are also getting higher and higher. A clear example of this is an attack carried out in 2018. Cybercriminals injected malware into the servers of an Indian bank’s ATMs, causing it to lose $13.5 million through simultaneous withdrawals in different countries. For cyberattackers, the banking sector is a tempting target. To help assuage this situation, Panda Security has prepared a survival guide for million dollar cyberattacks, which is a must read.
Security as part of the digital transformation strategy
Cybersecurity must start to play a strategic role for companies, as well as for public institutions. It is vital that these organizations identify which are the most efficient and robust solutions for their particular needs. As organizations undergo a digital transformation, with all the new business variables that go along with it (online sales and support, automatization, applications…), they become more aware of this risks that technologies can pose. The importance of implementing a security strategy that does not limit the business’s growth also becomes more apparent. Nevertheless, as we can see, there is still insufficient investment in implementing appropriate security measures.
Integrating security from the design of a business strategy, applications, and technology, must be a key principle for companies that want to thrive in the new corporate ecosystem. Organizations and companies need to make progress with how they protect themselves. They can do this by identifying assets and constructing lines of defense for new and old security perimeters. This is where we start to see the emergence of managerial profiles such as Chief Security Officer (CSO) and Chief Information and Security Officer (CISO). This is of course a reaction to the fact that security is becoming an engine for businesses’ growth. However, some companies have yet to assign the responsibility of protecting the company’s security.
The report also points out the fact that companies need to optimize cybersecurity, leaving behind activities that are of no value, increasing the efficiency of activities that they are currently carrying out, and reinvesting in innovative technologies. There exist advanced cybersecurity models such as Panda Adaptive Defense, which include complete monitoring of applications and devices. This allows business risks to be managed effectively, and provides visibility of threats so that they can be stopped before they cause any harm. Security must never be seen as a desirable add-on. Security is a process, and needs to form part of the strategies of those companies that wish to survive in the age of intelligent technology.