By Sebastiaan Rothman, Cloud Solutions Architect at Altron Karabina
As business leaders review and consolidate many of the dramatic operational and workforce changes that were implemented in response to the health crisis, cybersecurity is coming to the fore as a major risk to business continuity. Existing threats to companies in the form of data breaches, social engineering and phishing attacks, for instance, have now been amplified with employees working from home and IT teams having significantly less oversight over user behaviour.
On a global scale, the cyber threat to business continuity and economic stability is so large that ‘cybersecurity failure’ is listed among the top 5 risks in the World Economic Forum’s Global Risks Report 2021; while the report also highlights ‘IT infrastructure breakdown’ as the second most critical threat to the world in the medium term. For South African businesses, a dual pressure is also looming in the form of the Protection of Personal Information Act (POPIA) which came into effect in July 2020 – and carries with it major financial and reputational risks for businesses that don’t comply.
Yet while this risk landscape can appear both daunting and overwhelming for businesses already under operational pressure, there are immediate, cost effective and accessible steps to take in order to become both more secure and to ensure data security compliance.
Arguably, however, it must begin with an understanding that cybersecurity and information assurance are not technology problems: these are business challenges that are usually solved by implementing robust business processes (in addition to strategic technology solutions). Moreover, leaders need to understand that becoming compliant does not make an organisation secure; just because you have a control in place doesn’t automatically make it effective. And sadly, in many instances, the lack of maintenance or skilled management of these controls render them almost useless from the outset.
With this in mind, here are some immediate and practical steps to consider on the journey to bolstering cybersecurity (and ensuring business sustainability in the long term)…
- Harness existing assets by configuring them correctly
The rapid shift to remote working has accelerated many long term plans to move on-premise IT to a full or hybrid Cloud environment – and businesses are already reaping the rewards of agility and more flexible operational costs. However, all too often, leaders assume that Cloud services are inherently or automatically secure – and as a result, they do not interrogate or attend to many of the licenses that come with software-as-a-service (SaaS) solutions. Indeed, what often happens is that businesses buy the relevant license from Cloud service providers on the promise of a ‘one-stop shop’ for security. Now, these solutions can be very secure and robust, but they still need to be implemented and configured correctly.
This has become such a common problem that IT analysts have identified misconfiguration as a critical risk to Cloud environments. Notably, misconfiguration was identified by the Cloud Security Alliance, and documented in their publication of Top Threats to Cloud Computing - warning that these misconfigurations can lead to either or both internal and external threats. If we look internally, a poorly configured solution might not protect data in the way it is supposed to. For instance, the misconfiguration of a data loss prevention solution or data classification solution that allows important information, like PII type data to leave the organisation, can have disastrous consequences.
- Create visibility with smart monitoring solutions
When it comes to cybersecurity for a business of any size, the ability to monitor and accurately perceive threats is now paramount. In fact, gaining visibility of threats is the first step in ensuring a well-governed and secure working environment. Of course, this is easier said than done, with operational resources already overburdened with the day-to-day activities to keep the proverbial lights on. That said, the right technology implementations can lessen the operational burden (and risk) in the medium term.
For many organisations, leaders should look at using active detection and even correlation solutions like security incident and event monitoring. Alternatively, SIEM solutions for businesses can greatly reduce the operational overhead of having to dedicate someone to the monitoring aspect. Again, correctly configured solutions allow for exception monitoring and alerting, allowing operational resources to go about their business and only act on alerts that get triggered. Admittedly, appreciating the payoffs and benefits on these investments requires a longer term view, but there is no doubt they are worth the immediate pain.
- Boost internal awareness with quick wins (along with regular training)
While it is now common knowledge that employees and teams are the weakest link in every IT security strategy, many leaders are still not devoting enough time and resources to educating and training employees around the risks. This is the fatal flaw that we’ve seen undermine huge investments into threat monitoring and perimeter protection – with banks, tech companies and other juggernauts falling prey to social engineering attacks and malware sent to unsuspecting individuals. These attacks come at a huge cost, with data breaches costing SA companies R40.2 million on average in 2020.
Arguably, leaders should be incorporating cybersecurity training into employee on-boarding programmes, as well as continually holding refresher courses and simulated attacks on a quarterly basis (at the least). These training courses should emphasize the equal role and responsibility that everyone plays in keeping the organisation secure (from receptionists to project managers to C-suite executives).
Along with training and awareness initiatives, make sure that employees (at all levels) have the basic protections in place – and are leveraging solutions such as multi-factor authentication, strong passwords, and installing software updates on all devices when they become available.
Finally, leaders need to ensure that they develop clear and robust frameworks to guide cyber security strategies, as well as internal policies that govern and manage how employees use devices, share and store data, and interact online. These policies should be shared and made visible throughout the organisation, as well as regularly updated as the threat landscape evolves.
There is no doubt that 2021 is going to require that leaders carefully manage resources and prioritise business continuity. For those who continue to ignore cybersecurity and robust data management, the months ahead will be fraught with risk.