The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
The digital landscape is always changing to keep up with a constantly evolving world, and bad actors are also adapting. For every new development in the digital world, cybercriminals are looking to take advantage of weaknesses, so it is important that those concerned with the security of their organization’s network, data, and other assets stay vigilant and on top of trends. Everybody within an organization should work to establish and maintain good cybersecurity habits and measures, but much of the security burden falls on the chief information security officer (CISO). Below are some key insights for any CISO to take into consideration.
Concerns and challenges
Since the beginning of the COVID-19 pandemic three years ago, hybrid and remote working solutions have been rising in popularity. This should be a priority area: according to a report from Malwarebytes, 20% of companies reported that a remote worker had caused a security breach, and 55% cited training employees in security protocols as a major challenge in transitioning to work-from-home infrastructure. Because the shift to hybrid and remote work happened quickly and with an eye for ease of access over security, employees working offsite can pose a great risk to an organization if not provided with adequate cybersecurity training and policies.
AI and machine learning are also on the rise, increasingly being utilized by businesses and cybercriminals alike. It is important to recognize that while AI enhancements can provide aid, there is no replacement for the human element in developing a cybersecurity strategy. Understanding and deploying AI and machine learning tools can not only help with fraud detection, spam filtering, and data leak prevention, but can also give a security officer insight into cybercriminals’ use of the same tools. Increasing awareness of the criminal toolkit and operations provides an opportunity to get ahead of threat trends and potentially prevent attacks and breaches.
Another major issue is the shortage of qualified cybersecurity professionals leading to a significant struggle with recruitment and retention. In a Fortinet report, 60% of respondents said they were struggling to recruit cybersecurity talent, and 52% said they were struggling to retain qualified people. In the same survey, around two-thirds of organization leaders agreed that the shortage “creates additional risk.” Many factors work in tandem to perpetuate the problem, but the solution doesn’t have to be complicated. Ensuring your employees have a healthy work environment goes a long way, as well as tweaking hiring practices to select “adaptable, highly communicative and curious” people, as these traits make for an employee who will grow and learn with your company.
Tips for improving cybersecurity
One of the top priorities for CISOs should always be to ensure that all employees are properly trained in cyber hygiene and cybersecurity best practices. Insider threats are a serious issue with no easy solution, and a good number of those (more than half, according to one report) are mistakes due to negligence or ignorance. Traditional threat prevention solutions are often concerned with “keeping bad guys out,” and do not protect against those who are already inside the organization.
With hybrid and remote work both expanding the attack surface and hindering enforcement of security policies, it is crucial that all workers, remote or not, understand the role they play in protecting the organization against attacks and data breaches. Companies should also employ the principle of least privilege and implement a zero-trust framework to keep employees from accessing areas of the network that are not necessary for their jobs, lowering the chances of either malicious or accidental data breaches.
While the threat landscape is constantly evolving, tried-and-true solutions are still able to cover a lot of ground, so long as security officers and teams are willing to adapt their methods. Many security fundamentals are classics for a reason. It is important to address cybersecurity holistically, rather than as a purely technological issue with technological fixes. Investing in security solutions is just one part of a robust security protocol, which should include not only attack detection and prevention tools, but secure policies from the ground up. Securing networks, devices, data, and other company resources requires many-layered protection.
Perhaps the most important thing for CISOs is ensuring that their voices are heard throughout the company and that cybersecurity is not just an inconvenience for employees to slog through and immediately forget. This means a total culture shift to make every person at every level of the organization understand and respect their own role in keeping data and assets safe. The atmosphere surrounding cybersecurity policies and protocols should be one of cooperation rather than compliance.
Technology and the digital world are on a path of constant, rapid growth that affects every industry and every individual. CISOs, charged with protecting their organizations against cyberattacks and data breaches, face a challenge, especially when employees and fellow executives are not sufficiently informed or involved. It is crucial to remember that every person inside a company is responsible for cybersecurity measures, and every person can cause a data breach through ignorance or negligence. Improving cybersecurity posture while threats are always adapting and following new trends is no easy task, but it is possible with the right tools and practices.