The following exploration of the infosec landscape comes after the OnCon Icon Awards 2022 held last June, where the Top 100 Information Security practitioners were honored for their contribution to the growth of the professional community. UDT’s VP for Risk and Information Security, Alejandro Mijares, was among the Top 50 Infosec Leaders recognized for inspiring business innovation by advising clients on data, infrastructure and risk management strategies.
As an important follow-up to the OnCon Icon Awards, Alejandro and the infosec team at UDT examine the evolving challenges and opportunities in the industry to help businesses anticipate the future of cyber crime.
Widespread Cyber-Attacks
Cyberattacks increased 125% globally in 2021, with evidence suggesting a continued uptick through 2022, according to The World Economic Forum’s Global Cybersecurity Outlook report. As threats accelerate, leaders must urgently devise a more strategic approach to cyber risks.
While cyber-attacks have become more widespread and pervasive as the report suggests, their mechanisms haven’t evolved all that much in recent years. Phishing remains the most common and established technique targeting vulnerable customers and employees. The rise of remote work has effectively “loosened” controls due to the growing failure to enforce security protocols outside of the workplace.
This observation led the team to conclude that changing behaviors is just as important as applying security technologies in reducing the incidence of attacks.
Getting Down To Basics
Do SMEs have the basics of information security covered?
SMEs are particularly vulnerable to cyber attacks because their IT is focused on running the business and not on information security. The functions of information confidentiality, integrity and availability, which are essential to running a business of any size, go out the window when resources are tight. A vast majority of SMEs believe that an attack “won’t happen to us anyway”. They assume safety despite not getting the basics right.
An investment in information security and data protection could potentially prevent 80% of attacks. If SMEs recognize this, it could mean long-term success in an increasingly challenging digital landscape. This is an area where infosec professionals can deliver real business value.
Increasing Complexity
With the advancements in IT coupled with the growing onslaught of cyberattacks, ensuring information security has become increasingly difficult. Companies are turning to a variety of solutions to secure their highly distributed architectures. In other words, they are adding more complexity on top of complexity. This sets digital transformation back rather than forward and results in a widening exposure to threats.
For example, security and identity deployments consist of multiple tools that often are not fully integrated. In some cases, there are multiple tools that may duplicate supporting functions. Operating these tools requires many separate dashboards, multiple policy administration points and maintaining many ad hoc integrations. Now you have too many separate tools with too many separate dashboards.
The challenge facing infosec is integrating these stand-alone tools to work together in complementary ways and improve overall security posture by standardizing the way the tools interconnect.
Expanding Roles and Scope Of Work
At the advent of digital transformation, information security was considered an add-on business function. Gone are the days when information security professionals were mere advisors in support roles. Companies now realize that adding security as an afterthought leads only to more security failures.
Today, infosec practitioners are the tip of the spear in cyber defense. They are essential strategists who have greater sway over business decisions. Information security professionals now have to lead with a wider scope of responsibilities within the organization.
And as these responsibilities grow, information security professionals will be more deeply involved in the accomplishment of business goals, including setting the future direction for the company.
Influencing Best Practice
For information security to be successful, everyone who is part of the organization should take responsibility for maintaining security policies and protocols. Simply telling employees to care more about security will not be enough to ensure it. Forming a habit of creating and upholding policies to maintain security is paramount.
This means information security professionals should proactively influence best practice and help members across the board to adopt a security-first mindset.
Helping them remember that each person in a business has some information at their disposal, and that attackers have become adept at targeting small entities, including individual employees, to accomplish their sinister goals, will encourage everyone to take information security more seriously.
CISO-As-A-Service
Engaging an award-winning Chief Information Security Officer (CISO) with the experience of a business strategist is now within reach of organizations of any size. The right CISO is critical to an organization’s security resilience and ensuring the organization maintains regulatory compliance.
UDT offers a unique service to the cybersecurity field: Chief Information Security Officer as a Service (CISOaaS). This service provides a client with the necessary expertise to navigate the changing cybersecurity landscape without needing to hire an entire team.
What are some of the benefits of CISOaaS?
- No need to hire someone full time
- Leverage expertise from a pool of former CISOs
- Provide oversight and management of day-to-day activities
- Provide insight on reporting and cyber events
- Fill gaps in key strategic security components