Not taking trust for granted
Cybersecurity continues to develop as bad actors evolve their approach, with zero-trust strategies now coming to the fore
If there’s a consistent factor in cybersecurity, it’s that attacks change and evolve. Multiple factors have amplified this with businesses increasing their reliance on digital tools and services.
As a result, businesses have more than ever to protect from attacks. While working from home did accelerate digitalisation by a generation, Paul Sexton, enterprise cybersecurity sales specialist at HCS, said the knock-on effects from that period are still being felt in security.
“Where there’s been much advancement, that will bring a lot of complexities to any IT environment,” he said. “The knock-on effect is that IT departments don’t have the resources at hand to manage and monitor every part of this. With a security skill shortage and an increased attack surface, it creates a recipe for disaster.”
There are practical steps to take when it comes to protection and while the complexity has grown, the same problems persist. Elements like using outdated software are consistent factors, but a bigger one can be the lack of a security culture within an organisation.
Having a dedicated security member on a board or in upper management can be a significant benefit as it focuses their efforts, allows IT support partners to collaborate with them if needed, and helps direct employees to adopt best practices.
This is crucial for those at higher-level management as they have access to sensitive data like financial information, strategies and plans, and bad actors won’t hesitate to take advantage of that.
“We’ve seen that the bad guys are always trying to stay one or two steps ahead,” Sexton said. “When we all moved to work from home, there was a big play around enabling two-factor authentication. Now hackers have come up with ways to circumnavigate it, which is worrying.”
“If that’s at risk, then there are other things we need to do to stay at the forefront. Security fitness is one of those ways, enabling your staff and the people on the front line, not just the IT manager or IT staff, to stay protected,” he added.
It’s important to remember that there’s no such thing as a silver bullet in security and staying one step ahead of bad actors will always be crucial.
Security is a constantly changing environment, which means that plans and policies need to be maintained and updated every six months to a year to ensure workers stay aware of the latest security developments.
It’s why an approach like zero-trust is now coming to the fore and for good reason. Zero-trust, a term that’s been around for a while, is a strategy that relies on constant verification. Regardless of who you are, systems and policies are set up so you’re constantly being verified and nothing is left to chance.
While it’s a simple theory, the reality is it’s not easy to get right, especially since there’s a skill shortage across cybersecurity, let alone within companies themselves. Sexton mentions three qualities of zero trust that stand out: continuous verification, its dynamic nature and easing compliance requirements.
Just recently, HCS launched its zero trust strategy with Fortinet and Microsoft, which takes the best-in-breed technology from both companies and combines it to create a bespoke solution for companies.
These elements not only keep businesses safe, they also mean businesses are able to mitigate a breach and show auditors they followed best practice when they’re hit. Data breaches are now big news and knowing that you have the proper measures in place can ensure peace of mind for all parties.
“If a company can demonstrate that they’ve implemented best practices, they’ve got solutions in place to mitigate any breach of attack, that goes a long way towards easing the minds of the auditors, but also their customers,” Sexton said.
There is hope, as new standards like FIDO (Fast IDentity Online) authentication, which aims to replace password logins with secure login experiences via public key cryptography techniques, are in the works and could help ease the burden on users and businesses.
Alongside zero trust, another component that Sexton sees developing throughout the years is compliance. With the EU Data Act, the Digital Services Act, the CDPA (Consumer Data Protection Act) in the US and the POPI Act (Protection of Personal Information) in South Africa, more countries and territories will adopt compliance laws to ensure businesses act responsibly.
“Companies will have to protect or face being fined and not be able to do business any longer,” he said. “Compliance is going to be the big spend for businesses, but it’s going to create a more secure environment for customers.”