Cybersecurity priorities for digital leaders navigating digital transformation
Article by Equinix senior vice president and director of information security, Michael Montoya.
The pandemic has forced the economy into digital excess. Organizations had to quickly adopt remote work and online channels in response to blockages and accelerate digital transformation agendas to survive. Unfortunately, the global threat landscape continues to grow at an alarming rate and rapid digitization has left organizations vulnerable to cyberattacks.
In recent years, Asia-Pacific has been a particularly hot spot for cyberattacks, and as we continue into 2022, it is clear that the problem is becoming increasingly important. Accelerated by external factors such as the pandemic and now the crisis between Ukraine and Russia, the risk of cyber attacks is increasing and is expected to cost the world more than $ 10.5 trillion annually in 2025. These attacks offer a vision disturbing how costly interruptions are. they can be and potentially disastrous dominant effects on local and global economies.
With increasingly sophisticated, innovative and collaborative threat actors, the responsibilities of cybersecurity today extend beyond security professionals: all digital leaders must make cybersecurity a priority now.
The cybersecurity landscape in Asia-Pacific
In 2021, Asia-Pacific was one of the regions most attacked by cybercriminals, with one in four attacks worldwide. It was found that India, Japan and Australia were the top three countries suffering from these attacks, and server access and ransomware are among the most popular methods. But countries vulnerable to attacks also include Indonesia, Vietnam, Malaysia, Singapore and Thailand, proving that no destination is safe.
Last year, we also saw several high-profile breaches in organizations and an increase in attacks on critical infrastructure and supply chains, globally and in Asia-Pacific. Four Southeast Asian critical infrastructure organizations were attacked, including a water company, an electricity company, a communications company and even a defense organization. Identify attacks quickly before they heat up. Although the actors in the threats became more sophisticated, an industry report found that 54% of organizations in Asia and the Pacific had not updated their cybersecurity strategies in the past 12 months.
If organizations don’t act now to upgrade their security, it will only end up costing them. Data breach costs stood at $ 4.24 million in 2021, 10% more than in 2019. In addition, innovations and automation of threat actors have helped them improve their ability to ‘sit down and move in operating environments from day to minute. The months it takes to identify attacks are no longer acceptable, and classical security approaches can no longer respond to this automation and innovation of cyberattacks. This makes a converged cybersecurity strategy a top priority for today’s organizations to generate digital benefits while driving greater visibility and control.
How can organizations begin to protect themselves?
Traditionally, network security techniques have been a defensive layer to access all services and content. This method is no longer suitable as the perimeter of a network grows more distributed and linked, so a more complex and multidimensional approach is required to augment or replace conventional firewalls with a larger zero trust framework.
The application of a zero-confidence security approach has been marketed as a secure defense against unknown and developing threats. It has also become more crucial as the number of cyberattacks grows. Digital leaders cannot rely on a single authorization event to authorize trust with more people accessing the job remotely.
Instead, they must establish a digital trust based on the principles of access with minimum privileges and continuous authentication. In addition, with the advancement of artificial intelligence and machine learning capabilities, network users are now “known” for much more than their access credentials, even learning from user behavior. to deny access to users who break the rule.
Global security expectations and future trends
As threats actors are outdoing us by innovating and automating us, we need to be even more effective than ever at closing the gaps in our cybersecurity. We’ve identified four key trends and agendas that digital leaders need to keep in mind:
- Cyberattacks will continue to grow—As companies continue to adopt cloud services and digital transformation, cyberattacks are inevitable. The question now goes from “if” to “when.” Digital leaders will play a more prominent and vital role in helping companies navigate threats and risks as they anticipate what is to come.
- Breaking silos—Many organizations still manage security in isolated functions, but the more groups we make, the more complex security is. You might think this is an advantage, but threat actors thrive when security becomes complex, as they can easily identify gaps in the system. Converging security for greater visibility and control will become a priority.
- Create safety awareness and culture—Creating a culture of security will become a greater strategic initiative. Security will become everyone’s job and it is crucial to deploy zero-trust environments that integrate all departments for complete digital visibility and control. We also predict and encourage more investment and innovation for the cybersecurity industry to create friction-free solutions for users.
- Increased transparency and dissemination—As organizations adopt cloud and hybrid cloud strategies, they place more trust and stress on third parties. Vendor risk has been a long-term challenge in cybersecurity and will continue. We hope that companies and third parties will strengthen their strengths to design shared responsibility frameworks and implement solutions that provide compliance, trust and transparency.
We must also continue to expand our engagement with law enforcement, critical infrastructure providers, and the community at large to learn together and move forward with trends in cyber threats.
No organization, person or infrastructure is immune to cyberattacks. As companies become more dependent on digital services and infrastructure, now is the time to prioritize cybersecurity and place more mature cybersecurity in critical infrastructure, bring security teams closer, and expand security awareness so that actors of the threats are less successful in the future.