How CIOs Can Protect Their Organization Against Growing Threats, CIO News, ET CIO
The cybercrimes of 2020 made history and reinforced the importance of cybersecurity for businesses. Threats like malware, DDoS phishing, among others, increased as the workforce moved remotely. While cybersecurity has always been one of the biggest concerns for IT teams, what is more alarming is the growing sophistication of these crimes.
For example, one of the many crimes that made headlines was the attack on SolarWind, a major US IT company. The attack went on for months before anyone knew it, and it affected SolarWind customers, including Fortune 500 and US government agencies.
Crimes like these reflect the state of cybersecurity and show that attacks are manifesting in ways never before imagined. This makes identifying and mitigating risks complex.
However, with the right policies and preventative measures, CIOs and IT managers can easily identify and mitigate risks.
The overnight twist of fate revealed many vulnerabilities and weaknesses in security, which allowed hackers to exploit networks and data.
In general, the state of cybersecurity is not improving, as a study by CompTIA. In 2020, 80% of participants believe that the state of cybersecurity is improving. However, in 2021, only 69% still felt the same.
The accelerating digital transformation, uncertainty and the ripple effects of the pandemic have led to pessimistic sentiment.
In addition, a report of ISACA and HCL Technologies on The State of Cyber Security 2021 showed that: “62% said threat actors have taken advantage of the pandemic to disrupt the organization’s business. “
So how are businesses coping with this dynamic cybersecurity environment and the ever-changing demands for adaptation and protection?
By increasing budgets, to begin with. For example, the same report from ISACA and HCL Technologies shows that 41% report an increase in their organization’s cybersecurity budget for the following year.
And 51% of financial services organizations have increased their spending on security technologies.
Finally, 48% of respondents from pharmaceutical, healthcare and medical organizations said they had adopted the SASE strategy or zero trust due to the pandemic.
So, without further ado, let’s take a look at some of the ways that CIOs can strengthen the security settings of their organizations and protect them against the rise of cybercrime.
How to protect your organization against the rise of cybercrime?
The state of cybercrime and the pandemic has shown us that crime is at an all-time high. New approaches, strategies and solutions are needed to cope with these changes and demands. So let’s see some of these ways.
Back to basics: the importance of strong passwords
The importance of strong passwords is emphasized time and time again. Why? Quite simply because it is one of the easiest doors for hackers to infiltrate a system. The most common passwords are based on personal information such as birthdays or anniversaries, which are easy to find on the Internet. This is why a 10 character password which is a mixture of symbols, numbers and names is a smarter choice.
However, remembering such complex passwords is unrealistic. Whether it’s businesses or individuals, it’s easy to set an easy-to-remember password by default that includes personal information or a recognizable pattern. That is why you should use password managers. It securely stores your unique password, making it easy to manage passwords for different accounts.
Multi-Factor Authentication (MFA) takes password management to the next level. It forces users to go through 2 security walls instead of just one, thus enhancing account security.
For example, while the first layer is the password, the second layer can be a fingerprint, one-time password, or other such methods.
This is especially important in a hybrid work environment. MFA is not only useful for employees working in different locations, but also for those who wish to bring their own devices. MFA lets your people work securely from any device.
One thing to avoid in MFA is the set-it and forget-it approach. Instead, keep checking in with your employees regularly to make sure it’s working.
Automate data backup, your most valuable asset
Ransomware remains one of the main cybercrimes. Hackers encrypt corporate data and typically charge a small fee to return it to them. Despite hackers’ requests, it takes days, if not weeks, to retrieve the information. Thus, data backup is of the utmost importance.
Then, spacing your backup is another strategy to prevent hackers from exploiting the backed up files as they are stored in locations other than the company premises. It can be an offsite location or a cloud environment.
One of the things CIOs need to do is periodically review policies. This ensures that backups are performed regularly. If changes are necessary, they can be implemented. Additionally, revised guidelines for backup locations, including cloud backup and offsite backups, ensure sound implementation of backup policies.
Finally, one size doesn’t fit all when it comes to data backups. Test, iterate, and plan what works best for your organization.
SSL VPN: secure channel for network traffic
Working from a variety of locations, such as in a hybrid workspace, means using public Wi-Fi or unsecured trunk lines. This could contain threats like man-in-the-middle attacks where malicious third parties can capture sensitive information like credit card numbers, passwords or even usernames and passwords for access bank accounts.
This requires a robust security solution like SSL VPN. A virtual private network (VPN) keeps your data encrypted. Besides, it hides your internet activities and also secures business data.
SSL VPN protects against all these crimes and provides end-to-end data security by encrypting your data as it travels to its final destination. Additionally, SSL VPN eliminates the threat of eavesdropping, tracking, or extracting sensitive information from the network.
Basically, with SSL VPN, your network traffic goes through a secure tunnel to reach secure or confidential resources. This way, your business data can stay secure, no matter where your employees work. SSL VPN is easy to set up, less complex, and requires less technical oversight.
Web Application Firewall: Barrier for Hackers
Your web applications are one of the most valuable assets for your business. And also one of the most exposed. Websites are the main target for hackers to break into an organization’s systems. Some web application attacks are DDoS attacks, cross-site scripting (XSS), zero-day attacks, and SQL injection. Web application firewalls block this traffic by identifying malicious traffic and suspicious activity such as ping flooding.
Firewalls act as the first line of defense and as a barrier for hackers. It prevents traffic from entering the premises and prevents it from further intruding by blocking it.
Create a risk management plan
Identifying and mitigating the potential threat can save your business from a huge decline in financial resources, data assets, and reputation.
To create a risk management plan, assess all your data touchpoints, prioritize your most valuable assets, and understand where the vulnerabilities lie and the best possible strategies to close the gap. Creating a plan also ensures that your business knows the answer to any unforeseen incident. Any event that may have a negative impact on business operations must be included in the risk management plan and its response plan.
The author is vice president of international sales at Array Networks.