by Gurmail Singh
Today’s CISOs are well aware that a serious cyber-attack on their organisation is not a case of “if” but “when”. Their challenge is that the current global crisis has created new cloud security risks whilst at the same time generating new budgetary demands that might bump cyber down the corporate priority list.
Against this backdrop, it’s vital that businesses preserve hard-won corporate reputation and customer confidence through security-by-design and effective partnerships.
Threats are everywhere
Adoption of cloud and digital technologies was already soaring even before the pandemic. Government lockdowns and the shifting of business models online have only accelerated the process: Microsoft said it saw two years’ worth of digital transformation in just two months, for example. The end goal of these efforts is to keep operations on track in extraordinary circumstances and ensure the business can continue meeting customer expectations.
However, digital transformation also increases the corporate attack surface. An explosion in remote working endpoints and cloud infrastructure offers more for attackers to aim at, while distracted home workers, potentially using insecure kit, present an attractive target. Trend Micro alone blocked over 27.8 billion unique threats in the first half of 2020. Many more attacks, using “living off the land” and other covert techniques, will go undetected.
The impact on the bottom line could be severe. The cost of a data breach today stands at nearly $3.9m, although this rises to $50m for data loss of 1-10 million records. In some extreme cases, like that of Equifax, costs can top $1 billion. Ransomware can also take its toll. Some serious outages have cost firms tens of millions.
Security starts here
However, alongside the direct impact on the bottom line, business leaders must think about the impact of breaches on customer confidence. A serious incident could lead to customer churn and put off prospects from doing business with you. The CCPA and GDPR have raised consumer awareness about the importance of data protection, and given them more control over their own data, whilst making it easier for them to switch companies and take their information with them.
This makes cybersecurity a number one priority. But where do you start? Here are a few ideas:
- Build cyber-resilience into the business culture by taking a security/privacy-by-design approach
- To achieve the above, the CISO and security team must be involved in any digital project from the very start
- Find a trusted cybersecurity provider, one that can deliver connected threat defence across on-premises, hybrid cloud, container, remote working and other environments
- Help the board understand that cybersecurity is not a cost centre but an essential enabler of digital transformation and growth