Cyber Security In An Ever-Growing Digital World 

Uploaded on 2023-06-01 in TECHNOLOGY--Resilience, FREE TO VIEW

 Digitalisation brings a whole new and complex data network to protect, harness, control and manage. Due to technological advances, data no longer travels in the simple and linear journey that was historically between organisations and applications.

Now, data is transacted in several additional ways, including between humans and artificial intelligence, between trade and transactions and between firms and nations, all resulting in a digital divide at a global scale. As more data-driven infrastructure technologies are introduced, the risk of cyberattacks increases.

Digital transformation is rapidly accelerating. The global digital transformation market is projected to grow from $2.27 trillion in 2023 to $8.92 trillion by 2030, according to a report by Fortune Business Insights. Businesses use technologies such as cloud computing, SaaS, IoT, remote/hybrid working, and mobile devices to increase productivity and improve customer experience. However, the rapid expansion of digital transformation results in an exponential increase in the potential attack surface for cybercriminals, making it increasingly difficult for organisations to monitor, detect, and respond to threats promptly. 

Threat Implications

While the collective move to digitalisation is positive, change always brings a certain degree of risk. We've already seen that the rise of eCommerce in recent years has attracted cyber criminals in their droves. According to Juniper Research, eCommerce losses to online payment fraud were estimated at 41 billion US dollars globally in 2022, and this is expected to grow further to 48 billion US dollars in 2023. Transformation as we know it usually manifests itself as a singular occurrence, but digital transformation will more than likely accelerate throughout 2023 and beyond, continually evolving and inevitably resulting in more attacks.

However, digital transformation can put some businesses at a disadvantage in meeting cybersecurity expectations regarding technological and financial capability.

If this is the case, organisations should re-evaluate their security needs, cutting back on those expenses that aren't required and re-investing in more streamlined solutions capable of providing modern support. For example, organisations could outsource to a Managed Detection and Response (MDR) service. This would enable an organisation to tap into market-leading security technologies and expertise without the expensive subscriptions and wage needed to reach the same level of security maturity in-house. 

The Role Of Cloud In The Digital World

As cloud technologies provide the backbone of this digital divide, it's clear that cloud adoption will continue to advance by driving business performance and providing agility. SaaS and IaaS models power many cloud transformations, and the number of new interactions between applications in the enterprise continues to expand. As a result, organisations will inevitably add more third-party SaaS and IaaS providers to their technology stack, so having a solid third-party security posture will be crucial.

This means that cyber-attacks on centralised cloud services will have a more significant impact, as we will experience threat actors taking advantage of misconfigured APIs to exploit private data at an unprecedented scale.

This can lead to core software code repositories becoming compromised, impacting thousands of organisations across the globe. With the increase of applications comes the increasing implementation of container security automation, a feasible strategy to maintain secure and compliant cloud-native container environments. 

Getting The Fundamentals Right

The increase in digital technologies has meant that the number of individual digital assets has also grown exponentially. Therefore, securing these assets and their communication is critical for data security. 

Historically, Identity and Access Management (IdAM) has been essential in delivering successful digital services, however, we've seen that many organisations have been complacent in this field. Some businesses are not monitoring which identities are being used and not keeping up with the removal of those that are not - exposing a huge gap in the security infrastructure, and one that could be avoided. 

To resolve this, businesses can implement zero-trust models using policy-as-code, blocking all unauthorised run-time network, process, and file activities as default protection. No single tool can create a zero-trust environment. A combination of SASE (Secure Access Service Edge), network segmentation and IdAM must be employed to reach this goal. There will be a series of additional smaller steps that organisations can take to ensure the maintenance and enhancement of zero-trust frameworks. Third parties become an extension of businesses, so zero-trust and other necessary security steps need to extend to them. It will also be critical to monitor transaction-level instances to ensure that access is controlled and managed appropriately.

What Does The Future Hold?

We must return to basic cyber hygiene to continue and reinforce cyber resilience. Greater regulation, security frameworks, and national resilience strategies should be implemented globally. CISOs need to recalculate their understanding of the internal and external threat profile, evaluate cybersecurity risks, reshape protection strategies, and develop a core security team that can demonstrate a resilient response to cyber-attacks. 

We must address the skills gap shortage as part of looking forward and planning. Digitalisation means we will automatically need more autonomy. However, contrary to popular opinion, the answer to this isn't replacing humans but hiring talent with automation and security engineering skills that will supplement existing capabilities.

Much like an annual spring clean, businesses must now also clean up and ensure everything is set and in its rightful place before they can move forward. 

Carl Shallow is Head of Cyber Security Advisory at Integrity360

You Might Also Read: 

How Can We Realise Cyber Resilience Through Education?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Microsoft 365 Under Threat From A New Phishing Tool
Lawyer Admits To Using ChatGPT  »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

evoila

evoila

evoila GmbH is one of the leading providers in consulting, analysis, implementation and management of cloud infrastructure.

PakCERT

PakCERT

PakCERT is the national Computer Emergency Response Team for Pakistan.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

ITC Secure Networking

ITC Secure Networking

ITC are a leading cloud-based MSSP delivering service innovation in cyber security analytics & cloud technology.

Assystem

Assystem

Assystem delivers a comprehensive security approach for the industrial and service sectors that integrates physical security systems, industrial cyber-security, functional safety and dependability.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

Digital Craftsmen Ltd

Digital Craftsmen Ltd

We're ISO27001 & Cyber Essentials Cybersecurity experts, delivering full cloud security and managed services. We take a bespoke approach for each client from hosting, optimising & securing them online

SecureOps

SecureOps

SecureOps is transforming the Managed Security Service Provider industry by providing tailored cybersecurity solutions proven to protect organizations from cyberattacks.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

Dig Security

Dig Security

Dig Security offers the first data detection and response (DDR) solution, providing real-time visibility, control and protection of your data assets across any cloud.

Core4ce

Core4ce

Core4ce is a mission-oriented company that serves as a trusted partner to the national security community.

SequelNet

SequelNet

SequelNet is an emerging MSP, providing 360° business IT solutions and consulting services.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.

Metrics that Matter (MTM)

Metrics that Matter (MTM)

Metrics that Matter redefines how organizations approach cybersecurity by offering unprecedented insight into the value of their assets to criminals and tailored action plans to protect.