Cybercrime is posing an unprecedented threat, it’s time to develop a proactive cybersecurity strategy
In 2020, there were more data breaches and cyber-attacks on companies, governments, and individuals than ever before. The sophistication of threats has also increased due to the application of emerging technologies like machine learning and 5G, and because of greater tactical cooperation among hacker groups and nation state actors.
The primary cost of cybersecurity is alarming, but the associated costs don’t often make it into the headline statistics. Due to a weekend-long cyber attack in October 20212, Tesco had thousands of customer orders disrupted and lost millions in missed sales, and we can assume the losses won’t stop there. They will now have to react quickly to implement more cybersecurity tooling and work hard to repair and restore brand reputation with its customers – potentially costing more money.
By not regularly reviewing your cybersecurity strategy, you are leaving your organisation open to a multitude of complex threats. These have the potential to destabilise your operations and affect business outcomes for years to come. It isn’t enough to invest in one endpoint AntiVirus or Firewall solution, cybercrime is at a level of maturity where there is not one single product that can eradicate all threats.
What makes a good cybersecurity strategy?
Your cybersecurity strategy should be proactive rather than reactive and take the approach of ‘when’ an incident occurs rather than ‘if’. Instead of focusing on preventing a cyber attack, the most effective strategies stress the importance on how to detect, respond and recover from an inevitable breach. That said, any robust cybersecurity strategy should put you in a better position to respond to an attack. A comprehensive strategy aligned to a recognised industry certification such as Cyber Essentials Plus can make the difference between a minor incident and a major one.
Cybersecurity also needs to be tailored to your needs, challenges and digital journey. Each organisation is unique and requires a customised approach to strategy.
Step 1: Review your cybersecurity setup
By reviewing your cybersecurity position, you can identify high-risk areas and any redundant tools which can be shelved. It is also essential to understand where the threats are deriving from and if there is a fit for purpose solution to plug the gap. By undertaking this process, you could identify some quick wins to unlock improvements and improve cyber resiliency.
We often find that our customers are renewing existing ‘legacy’ security solutions which were developed and selected several years ago when the landscape was very different. Many of these tools are not able to respond to the latest emerging and “zero-day” threats. Today, cybersecurity isn’t about investing the most money. It’s about making tactical moves and spending budget intelligently.
Step 2: Layer up with cybersecurity
To prevent and mitigate cyber-attacks, your strategy must employ a range of technologies and solutions to cover all bases. And as the threats change, the bases can also change. Much like digital transformation in general – cybersecurity is a continual process that involves monitoring, threat hunting, training, and cultural change.
Some solutions to consider are perimeter security, endpoint security, back-up and disaster recovery, authentication protocols, real-time monitoring and threat intelligence.
Step 3: Make testing a priority
For any company undergoing a period of digital change, it is vital to promote a culture of continual security testing. Any new application rollout, change to IT infrastructure, or merger or acquisition activity can potentially expose new security vulnerabilities that threat actors can and will exploit unless these changes are tested proactively to ensure any holes are identified and remediated. Over the past two years, we have seen this frequently as organisations were forced to implement years of transformation rapidly. To make sure their workforce could work successfully from anywhere. Many fell victim to cybercrime due to poor implementation.
Step 4: Scrutinise your resource
Over recent years, the escalation of cyber-attacks has seen organisations rush to employ skilled professionals. As a result, leaving the market depleted of cybersecurity experts. There is currently a shortage of over 1.2 million. Your organisation might be feeling this impact directly. When considering your cybersecurity strategy, it is important to review resources and identify where you need extra expertise or whether tactical outsourcing is more appropriate.
Ricoh Cybersecurity Practice
Working with a collaborative partner is a fantastic way to fortify your business against the risk of cyber-attack. Our team is innovative, forward-thinking, and works with a range of global clients across both the public and private sector. By taking advantage of our experience and expertise, you can build a cybersecurity strategy built to protect your business against new and evolving threats.