2 minute read
Columnist Where is Cyber Security Heading Next?
The cyber security landscape is ever-changing, and new legislation is accentuating the need for leaders to understand risk across their entire supply chain. As an organisation, it is crucial to strengthen cyber security measures in place and start planning for the new cyber risk legislation.
Cyber professionals have come to accept that cyber attacks are inevitable in today’s digital world, and it is no longer a question of ‘if’ but rather ‘when’. Official UK Government statistics* report that 31% of businesses estimate they were attacked at least once a week during the last year.*
For this reason, it is vital to have clear visibility across the IT environment. From a clearer vantage point, it becomes possible to identify any unusual activity across the ecosystem of users, applications, and infrastructure. As a result of artificial intelligence and machine learning algorithms, advanced threat detection and response tools analyse real-time and historical data. They can also identify unusual patterns and detect and successfully block advanced threats designed to evade traditional defences.
It is essential that companies look beyond immediate cyber security measures and take the necessary steps to build true cyber resilience. This requires a proactive strategy that combines behaviour, financials, and technology to prepare and recover from any attack and anticipate risk.
A robust cyber programme needs to consider whether you are prepared, able to respond, and able to recover in the event of a cyber attack. To achieve cyber resilience, strategies should include tools to reduce and minimise cyber risk, as well as identify the areas where risk can be transferred to insurers.
As cyber security becomes increasingly complex, many in-house security teams are finding that they simply lack the cyber security skills, expertise, budgets, or resources to manage a fully-fledged security operations centre (SOC). Added to this, in-house IT budgets struggle to compete with specialised cyber security providers to attract and retain the best talent. This is leading to a growing trend to outsource cyber operations. Options vary, but may include outsourcing managed detection and response (MDR) services to an experienced outsourcing security provider, or perhaps taking advantage of the leadership services of a virtual CISO. This places extra importance on the need for companies to place their trust in technology partners, such as Telefónica Tech who have the skills and expertise to accompany them on their digital transformation journeys.
Attackers are now seeking out easier targets beyond the immediate cyber defences of the enterprise within supply chains. Smaller players within supply chains typically do not have an equal level of protection or resources to monitor and manage cyber risk.
Attacking third-party software is another easy target, exploiting weaknesses in third-party apps and software to gain access to valuable systems and data. The introduction of legislation such as the NIS 2 Directive will require boards and CEOs fully understand and tackle supply chain and third-party risks.
Leaders will be required to conduct enterprise risk assessments that assess the maturity level of their cyber security programme and proactively address any concerns. Risk assessments can also be useful in shaping cyber resilience strategies, by determining decisions around any insurance gaps, limits and coverage.
In an era of hybrid working, legacy virtual private networks (VPNs) are no longer deemed fit for purpose. VPNs implemented to date are unable to meet the scalability demands needed for hybrid working, and the technology itself can be prone to cyber attacks and vulnerabilities. To counter this, expect to see an even greater shift towards ‘zero trust’, which aims to provide a scalable yet highly secure environment where users are continuously validated, assessed, and authorised using multiple authentication methods.
Overall, cyber security trends will continue to evolve as new security threats and attacks emerge, which is why it is essential to seek strategic partners to accompany companies so that they can prepare more quickly to protect their most valuable assets.
About Telefónica Tech
Telefónica Tech is the leading company in digital transformation. The company has a wide range of services and integrated technological solutions for cyber security, Cloud, IoT, Big Data, and Blockchain. For more information, please visit: www.telefonicatech.com