FUTURE-PROOF YOUR BUSINESS
The future of CYBERSECURITY Cybercrime is a fastevolving challenge, so the best prepared companies know what lies ahead, to the best of their ability, and plan how to combat it early.
I
t is clear that cybercrime has evolved massively from its early days of individual hackers creating mischief with selfdeveloped worms and viruses. Today, there are organised syndicates of criminals actively working to break into companies and steal their critical intellectual property, customer databases and financial records. In fact, entire countries are known to participate in forms of cyberwarfare – again, usually by targeting key businesses or utilities in the ‘enemy’ nation. By recognising the rapid and continuing evolution of cybersecurity, we are more easily able to understand how we can best position our businesses to remain protected, regardless of the speed at which the criminals are evolving their approaches and techniques, suggests Ritesh Guttoo, Cybersecurity Lead for Africa, India and Middle East at EY. “Cybersecurity is only going to become more important as we move forward. It is quite obvious that the threat landscape
40
C YB E R S E C U R I T Y 2 0 2 2
is evolving rapidly – driven by the huge upheavals in the way we’ve been working over the past two years – which has opened up new attack surfaces and vectors for the bad guys to exploit. Remember that, in business, we traditionally utilised what could be called a ‘closed environment’, in that your systems were within a network that was protected by a firewall to prevent intrusions, as well as internal controls like anti-virus, which ensured that files were scanned and malware was avoided,” says Guttoo.
Changing environment “However, this environment has changed dramatically, because of the shift to remote working, the increasing use of the cloud and the increase in automation tools being implemented by businesses. Thus, the system is no longer a closed one. There are many companies adopting the cloud, both for collaboration purposes and for the cost and efficiency benefits. While the core systems may still be hosted at the office, unstructured information like Word documents, emails and so on are stored in the cloud.” The challenge here, he notes, is that the criminals are targeting users directly, as they are aware that if they can gain access
to that individual’s workstation, it will be much easier to access the company’s private network. So recent months have seen a surge in email threats and social engineering attempts, in order to convince the home user – where security is likely to be less sophisticated – to unknowingly introduce malware into their system. “We have witnessed a significant increase in threats targeting the end user, and this is simply down to the global switch to the work-from-home environment. The other things we have noticed is an increase in the targeting of cloud service providers, simply because of how much valuable information is help in the cloud. And it is for this reason that it is imperative businesses today fully understand the security practices of their third-party providers – be they providers of the cloud, an application or third-party software accessed through the cloud,” Guttoo adds. “If you wish to future-proof your business, it becomes more difficult. Remember that the cybercriminals are investing massive resources in their attacks, including malware driven by artificial intelligence (AI), which enables it – should it be blocked by a security program – to automatically change its signature, pattern or file name before trying again. And it may keep doing
