Amid the current surge of technological innovation, businesses need to strike a careful balancing act.
It’s a case of adopting pioneering new technologies to keep pace with the rest of the industry, while still implementing the required security strategies to match. But, how can businesses prepare themselves for threats that they are completely unfamiliar with?
Are we sufficiently prioritising cybersecurity?
According to the Equinix 2022 Global Tech Trends Survey – which interviewed 2,900 global IT decision-makers – 47% of global tech companies said they plan to use the cloud to facilitate their global expansion plans.
The survey clearly demonstrated that 5G, XaaS models and cloud storage remain at the forefront of expansion strategies.
72% of respondents said that their organisation is planning to expand in the next year, with 38% saying that their companies plan to expand into a new region entirely. Almost half (47%) of global respondents said they plan to facilitate global expansion plans by deploying the cloud.
To achieve this planned expansion, digital transformation plays a pivotal role. Within this survey, 59% stated their intent to increase their investment in interconnection services, and 71% of respondents plan to move more business functions to the cloud. And, of those respondents, 50% plan to move more of their business-critical applications to the cloud.
Among the answers provided by respondents, significant concerns were raised about cybersecurity. In fact, 85% named improving cybersecurity as a key component of their digital-first strategies, while 83% expressed a need to future-proof their business. The most-feared cybersecurity threats named were cyberattacks, security breaches and data leaks (all of which were expressed by 70% of respondents).
If we take a look at this on an industry-by-industry basis, however, the progress towards the required level of cybersecurity is slower than expected.
For instance, a report from Capgemini revealed that 51% of industrial organisations predict that there will be an increase in smart factory cyberattacks within the next year. Despite this, almost half (47%) of organisations have yet to classify cybersecurity in smart factories as a C-level concern.
In light of the fact that manufacturing overtook financial services as the most attacked sector last year, this slow response is both surprising and concerning.
The discrepancy between technology’s adoption, and the industry’s current data-security skills
New technology – enabled by 5G – is being adopted at a rapid pace.
“About 55% of the CEOs that we talk with say that, by 2026, well over 50% of their business will be new products that they don’t actually have today,” commented Inderpal Bhandari, the Global Chief Data Officer of IBM.
“Pre-pandemic, when we talked with CEOs, there was just a small percentage that thought of digital transformation as important. Then the pandemic hit and, over the course of about a year, we saw (in our customers at IBM) that the awareness at the CEO-level went through the roof. And we’ve probably had as much digitisation in the last year, year and a half, as we’ve had in the previous 10 years.”
While this will open up a wealth of opportunities for the sector – and enable businesses to expand across the globe more seamlessly than ever before – there are a number of obstacles in the way. And, if these are not overcome first, there is the risk that businesses will be vulnerable to serious cybersecurity risks.
The Capgemini report identified that internal disconnect and poor collaboration are key blockades to stronger cybersecurity measures. In fact, 53% of respondents mentioned a disconnect between the C-suite and smart factory leaders, saying that the lack of collaboration between smart-factory leaders and CSOs is hindering the organisations’ ability to detect cyber-attacks early.
Another is the cybersecurity skills’ gap – a growing concern that is being felt across a number of areas in the industry. There is a limited amount of upskilling within cybersecurity teams, who will need to quickly develop their knowledge to manage these new types of threats.
Mitigating the unknown – how can companies successfully prepare themselves for the next wave of data security risks?
Firstly, if a business is implementing a 5G mobile network, then the architecture and infrastructure will need to be designed with cybersecurity in mind. It’s a case of adopting a security mindset, right from the outset.
“Securing a 5G network starts with securing the servers. Security needs to be built-in, not bolted on after the fact. This includes at the hardware and firmware level by leveraging an immutable Root-of-Trust that can be used to verify subsequent operations within the server. Building-in security in this way goes a long way to helping keep the broader 5G network secure when one location is breached,” advises Sonya Mathieu, the UK Director for Data Protection and Cyber Resilience at Dell Technologies.
“Like all other industries, Telecom providers are under a constant barrage of cyberattacks. This means it’s a question of when, not if, a breach occurs.”
“Isolating and securing an organisation’s data to protect against these threats is essential to any network strategy. To do this, providers should take advantage of the security provided by an air-gapped data vault that duplicates data behind a secured interface. Data with an air-gapped data vault is literally and wholly isolated from the rest of the network but remotely accessible when needed. This solution allows operators to protect themselves when the worst happens and restore operations quickly,” Mathieu adds.
The knowledge that these attacks could very well (and do) happen is a widespread theme.
James Blake, the CISO at Rubrik, stresses how important it is that businesses also give recovery strategies equal attention.
“Ransomware has driven collaboration between IT and security, in more of a resiliency-focused mindset.”
“We need to focus not just on recovery, because recovery is rebuilding from rubble. Resilience is the ability to withstand that attack at a degraded level yet still be able to continue serving business.”
According to Blake, there is an intrinsic flaw with the way that businesses currently perceive, and mitigate, the risk of cyberattacks.
“This is the security model we're all used to – walls and moats. And we build the walls higher and we build the moat wider, but the adversary has the first-mover advantage.”
“We can only learn what they're doing after they've done it. Right? So, if they think of a new way of doing things, there's always a lag. There's always a period where our defensive and protective controls won't work properly. And, as soon as we build those walls higher and the moats wider, they build better boats or Trojan horses.”
To overcome this cyberattack cycle, Blake recommends that businesses divert their budgets appropriately and intuitively, so that they are prepared for the worst-case scenario and equip their business with the foundations to recover from it.
“We spend on average 85 - 95% of our budgets on likelihood reduction, but we spend about 5 - 10% of our budgets on impact reduction.”
“So, the way I look at it is, it’s like a cardboard tank: we're spending all this money on likelihood reduction, and all we're doing is making the tank slightly faster, slightly harder to hit. But when you hit it, it’s completely destroyed and causes unbelievable amounts of damage.
“We need to focus on impact, because we are losing the prevention-and-detection battle. But that doesn't mean we need to lose the overall battle,” Blake recommends.