Cybersecurity Awareness Month is an opportunity to evaluate risk and ensure basic controls are implemented to lower our risk. One control all leaders should embrace is the use of MFA to protect their ...
Cybersecurity Awareness Month has arrived! The theme for 2021 is “Do Your Part. #BeCyberSmart.” This message is meant to empower individuals and business leaders to own their role in protecting their part of cyberspace. If everyone does their part, we can build a safer and more resilient digital environment for everyone to enjoy.
The first full week of Cybersecurity Awareness Month focuses on best security practices and highlights general cyber hygiene to keep your data—and your clients’ or customers’ data—safe from cyberattacks.
Many broad and consequential cybersecurity breaches in the past year have provided a chilling reminder to business leaders around the world about the heightened threat of cyberattacks. As a result, cybersecurity has become a board-level issue for many firms in 2021.
- Corporate leaders have already begun elevating the importance of cybersecurity to their companies.
- But recent high-profile attacks show how much more needs to be done in the year ahead.
In this blog post, we’ll evaluate data from the World Economic Forum's Global Risks Report 2021, which ranks cybersecurity high among global risks to businesses. We’ll also take a look at the top four cybersecurity challenges that businesses need to overcome to thrive in 2022 and beyond.
Challenge #1: Increasingly Complex Digital Landscape
Digitization was already a major component of our lives before COVID-19 hit in 2020, but the global pandemic increased rates of digital adoption across the board. Businesses that might not have leaned as heavily on technology pre-pandemic are doing so now. Restaurants, for example, have largely embraced managing to-go orders in a digital environment.
We wouldn’t have been able to navigate the major transition through the pandemic without increased reliance on digital technology, but this also means we’re more vulnerable to cybersecurity threats today.
Challenge #2: Remote Work Decreases Efficacy of Traditional Network Perimeter
One of the most broad-reaching effects of the COVID-19 pandemic has been the massive shift to remote work. A survey conducted by Upwork found that over half the American population was working remotely at least part of the time in Q2 2021, and 41% of those workers are fully remote.
This shift in the traditional work model has created unique cybersecurity challenges for employers, including the decreased efficacy of their trusted security tactics. According to Deloitte, “Remote work has obliterated many remnants of the traditional network perimeter, and with it the concept of perimeter security, where virtual “fences” keep the bad guys out. Identity has become the new paradigm of enterprise security – if you can ensure that only the right resources are accessed by the right people doing the right things, then you have a more secure environment.”
Two ways to do this are:
- Keeping administrative access separated on a need-to-know basis. This also prevents a perpetrator from getting all the keys to the kingdom in one stroke.
- Deploying multi-factor authentication for access to ensure that the perimeter is only available to those with permission to access it.
Challenge #3: Fragmented and Complex Regulations
According to the World Economic Forum’s 2021 report, “Privacy and data protection regulations are necessary, but can also create fragmented—and sometimes conflicting—priorities and costs for companies that can weaken [their cyber] defense mechanisms. Within organizations’ budgetary boundaries, companies have to defend and protect against attacks while they also seek to comply with complex regulations.”
If you have cyber liability insurance for your business, you want to make sure your broker has a thorough understanding of the complex regulatory landscape that affects your organization.
Challenge #4: More Interconnected Businesses Now Vulnerable to Supply Chain Hacks
According to the report mentioned above, “Organizations operate in an ecosystem that is likely more extensive and less certain than many may recognize. The concentration of a few technology providers globally provides many entry points for cybercriminals throughout the digital supply chain.”
In a supply chain hack, cybercriminals target a company’s trusted vendors or IT-service providers with the goal of inserting malware into the “supply chain” of software updates that they provide their clients. These vendors and IT companies tend to have hundreds of clients, so a successful supply chain attack would grant cybercriminals virtually unlimited access to all of their clients’ data and the customer data for each company in the supply chain.
Cybercriminals have tended to target major companies and key pieces of infrastructure in the past, but given that supply chain hacks allow criminals to access entire networks of companies from a single access point, small and mid-sized businesses that wouldn’t otherwise look like appealing marks are now much more vulnerable to attack.
One easy way to help your organization be less susceptible to vendor and supply chain attacks is to make sure that tight procedures are in place so that any requested change to an accounts receivable or accounts payable account is authenticated with the primary source. Remember, most accounts do not change their bank accounts. Make sure your employees challenge those that do!
While cyberattacks are devastating for those who are ill-prepared, cyber liability insurance provides valuable resources to help regain lost business. Although prevention should be the primary focus of your cybersecurity strategy going into 2022, it’s wise to have a plan in place in the unfortunate event that you are faced with a breach. Cyber liability insurance will help ensure that you’re prepared for any repercussions from a cyberattack or data breach, including loss of trust from employees and customers.
As we kick off Cybersecurity Awareness Month 2021, remember to #BeCyberSmart for your business!
Jeffrey Julig is Vice President and Chief Information Security Officer (CISO) for SWBC. In this role, he leads a team of security professionals to protect SWBC’s diverse lines of business from internal and external cyber threats. Jeffrey is passionate about information security and privacy and belongs to numerous international, national, and local professional and community organizations. He has a Bachelor of Science degree in Cybersecurity from the University of Maryland University College and earned several of the information security industry’s most respected certifications, including the Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Law of Data Security and Investigations (GIAC-GLEG) certifications. Jeffrey attended the Department of Defense Cybercrime Investigations Training Academy (DCITA) and is a certified digital forensics examiner.