Businesses are not alone in their concerns about cyber security. It affects everyone and is a matter of when not if an attack will happen.
The number of high level security breaches has steadily risen over recent years – and every day we see media headlines that highlight the latest security breach which results in data and money loss to businesses. As a result, security is at the forefront for most organisations, and has begun to reach boardroom level.
So what’s behind the dramatic shift in our IT landscape?
For one, organisations have been quick off the bat to evolve with new IT innovations and have reaped the benefits of mobility, cloud and the IoT in the workplace. However, by including these new business models in their infrastructure, the modern network is in a state of constant expansion as the number of entry points increases. This creates a dynamic IT landscape for cyber criminals to exploit.
Furthermore, we’re seeing a new breed of sophisticated cybercriminal who is no longer a lone wolf but part of a close knit community that knows each other, trades intellectual property and sometimes even work together.
Acting as a multi-billion dollar industry that knows how to monetise data and malware, they don’t look for quick wins, but long term payouts. The evolution of the hacker has seen them evolve their attacks from individual computers to capturing the full power of an organisations’ infrastructure to gain a long term return on their investment.
Cyber criminals have accelerated the speed of their attacks with many now doing damage in a matter of days or hours, while businesses remain unaware for months that they have been attacked. To have a truly effective defence, businesses need to be one step ahead of their attackers and engage with real time abilities to detect and respond to attacks before, during and after the event.
However, with the shortage of IT security professionals, relying on technology alone and crossed fingers is rapidly becoming a strategy that businesses can no longer afford. Cyber criminals are a highly motivated and compensated workforce who use progressions in technology, changing business models and user behaviour to their advantage.
So now what? Organisations must evolve their thinking. Evolve their strategy. The workplace of the future needs a shift in culture and needs to be more threat centric. The workplace of the future will need to think like an attacker.
Organisations should be more proactive and know what they’re defending against. By reviewing their current infrastructure and asking “Is it at the latest level of release?” “Do all our employees know our authentication policy?” “What is our current security status, are we breached?” However, something else needs to happen beyond this. Organisations need to maximise their human capital to tackle the problem in real time before they escalate, rather than waiting months down the line to find out about a breach. In my view this is especially important as we edge towards the Internet of Things.
By 2030 a massive 50 billion devices will be connected, which means even more entry points for attack. We need to set ourselves up culturally, to deal with this shift. Businesses should educate employees on how to spot a potential breach. Organisations should ask “Are our employees’ cyber aware?” “How effective is our security education?” “Do our employees know how to immediately respond to an attack?” to ensure that everyone from CEO to intern knows how to spot and defend against an attack.
By taking the sole responsibility away from technology and ingraining a culture of evolved thinking in the workplace, the network will be defended much more effectively.
Attackers will always continue to invest in ways to break into networks. Businesses need to invest and ensure that they always one step ahead of the game – especially when it comes to securing the workplace of the future.