Businesses finally realize that cyber defenses must evolve


Cybersecurity is finally getting the attention it deserves – it is only regrettable that this good news is the result of bad news: more numerous, complex, and damaging cyber attacks than ever before.


Cybersecurity takes a step forward

“The WannaCry ransomware attacks have recently made the headlines around the world. This attack was a wake-up call for many organizations and, in particular, for those that believed they could never be a target (e.g. manufacturing companies),” says Vincent Villers, partner and cybersecurity leader at PwC Luxembourg.

Ludovic Raymond, director at the same company, says that organisations are beginning to understand that users are often the weak link in the security chain and that, if trained well, they can become a strong asset for the defenders’ side.

Companies are also evolving from simply buying their cybersecurity solutions to rethinking the design of their IT infrastructure and implementing a security-by-design strategy.

“The old mindset is changing, and leaders are beginning to acknowledge that cybersecurity must evolve. In fact, a proactive defense, although useful in warding off attacks, is no longer enough. Organizations’ responses to incidents must also focus on managing their business impact,” Raymond says.

The human factor

The boardroom and company leaders must work to ensure that business, IT and cybersecurity strategies are aligned, and cybersecurity has to be treated as a key pillar for all initiatives and projects, and not just a special domain for experts.

Companies must train employees in cybersecurity, but must also be able to attract quality security professionals. At the moment, that can be somewhat of a problem.

“We are confronted with a shortage of cybersecurity talent and the impact of this shortage is twofold. On one hand, there’s a strong competition between players, who need to pay more to hire key talent. On the other hand, there’s the emergence of a new operating model, in which companies think increasingly about outsourcing certain tasks,” Raymond says.

He believes that we’ll soon see more specialized service firms taking over roles currently kept within organizations, and that businesses should stop looking just for security employees with classical technology credentials.

“Security is everyone’s problem, so why limit security positions to people with degrees in tech fields or in computer science? The challenge for organizations is to find people who are able to talk to business leaders, understand technical people, define strategy, and manage a crisis,” he adds.

To achieve this, companies need to foster new education models, accelerate the availability of training opportunities, and deliver deeper automation, so that talent is put to good use on the front line.

And, finally, as in all other traditional functions (accounting, management, marketing, etc.), the development of the cybersecurity workforce must be addressed at the highest level of the business, not left to the IT department.

As complexity rises and demand booms, governments also need to take action – a shortage of cybersecurity talent can be expected to impact global security, Villers noted.

Technologies to invest in

Being good at the cyber essentials and having strong foundations for their network, workforce, users, and data is crucial for organizations that want to keep secure and thrive, Villers points out.

That said, businesses are always on the lookout for next-gen solutions that can create sustainable and resilient cyber architectures, and make cybersecurity tasks easier and faster.

Villers believes that threat intelligence is mandatory for ensuring long-term security, and that organizations should invest in data loss prevention solutions, as well as finding a way to tackle the insider threat.

“Introducing artificial intelligence into cybersecurity is a good way to handle time-consuming, low value-added tasks. It will require a training / development / improvement period, but it will certainly help cybersecurity specialists focus on more decision-making tasks and making the right decision in a timely manner,” Raymond adds.

“Companies no longer have the means to protect everything, so it’s essential for them to invest in detection technologies in order to obtain the right information and the source of the information. This implies even more data to process and, thus, the implementation of technologies based on data analytics and machine learning, such as behavioural analysis.”