Today, business leaders and governments can agree that if there is one thing they should not ignore, it is cybersecurity. In 2021, organisations experienced a 107% increase YoY in ransomware attacks, along with heightened incidences of supply chain and cloud-centric cyber threats.
As the threat landscape grows bigger, businesses need to innovate for security while exercising caution, with the key focus being on cyber resilience rather than invincibility.
In this battle of endurance against cybercrime, organisations need a new approach to building resilience. A fail-fast approach is not an option for security where attack vulnerabilities could be catastrophic.
So how can businesses ensure that they are on the right track to achieving cyber resilience to gain an upper hand against cybercriminals?
Playing the long game
Given Singapore’s smart nation ambitions, it is not surprising that cyber resilience has risen to the top of the agenda in the wake of the Covid-19 pandemic.
See also: Alibaba anoints new chief in revamp of stalling commerce arm
Our network of infrastructure will only continue to become more connected. The risk is that it significantly raises the stakes for an attack, especially on critical infrastructure that supports our healthcare and telecommunications systems, the consequences of which can be crippling.
For businesses, evolving cyber threats present a danger when it comes to safeguarding sensitive business data and continuity plans, jeopardising their operations and enterprise growth.
Unfortunately, the state of cyber resilience in the business landscape is looking bleak at the moment. While investments in cybersecurity have continued to rise, with 90% of organisations in Singapore reporting an increase in cybersecurity spending in 2021 compared to 2020, the reality is that businesses are not seeing results and not many can confidently guarantee resilience against cyber threats.
See also: Break up Google? What’s at stake in antitrust action
Strengthening your cyber resilience game plan
According to Accenture’s State of Cyber Resilience report, only 5% of organisations achieved high-performing cyber resilience which places them in the category of ‘Cyber Champions’.
‘Cyber Champions’ are able to successfully align cybersecurity strategies with their business priorities to achieve better business outcomes. For them, only 17% of the attacks they suffer from result in a breach, and an even smaller 4% of attacks cause significant damage.
These leaders also have an added advantage in detection speed and remediation response. This is especially important given the rise in prevalence of cyberattacks, with Singapore seeing an 89% jump in the number of successful company breaches from 2020 to 2021.
The secret? Focusing on business alignment and optimising cybersecurity investments.
- Being threat-centric and business-aligned
Keeping attackers out of your environment depends on security leaders closely aligning with the business as partners in driving down risk.
Chief information security officers (CISOs) should be given a seat at the top table – they must move away from security-focused silos and collaborate with the right executives in the organisation to understand business risks and priorities. By drawing on the experience and insights of the wider leadership team, CISOs can gain a broader perspective that serves the whole business well.
Through measuring and monitoring company risk profiles and making that data available to leadership, CISOs can better balance security with business priorities. This enables organisations to not only achieve better business results, but also seize an advantage in the race to cyber resilience.
- Investing for operational speed
Cyber resilient leaders prioritise moving fast, and value their speed of detection, response and recovery. One way to achieve this is by engaging a managed extended detection and response (MxDR) provider.
MxDR entails getting a dedicated security team to manage the elements of cyber defence so that businesses can focus solely on achieving growth.
Organisations will be provided 24/7 support in detecting, monitoring and reporting incidents so that if breaches occur, the combination of external MxDR incident response can minimise the dwell time and get operations back to normal. When incidents occur, the business can focus on managing the incident, reducing dwell time and restoring its operations.
- Driving value from new investments
The rate at which organisations scale investments across their business also has a significant impact on their ability to defend against attacks. Enterprises should consider scaling fast to realise how effective investments in new security technologies can be in improving security team detection rates and protecting more key assets.
Full-scale deployment of emerging technologies will be able to contribute to an enterprise’s cybersecurity defence. For example, through intelligent cyber digital twins technology, security teams will be able to construct a twin of the attack surface, mimic adversarial movements and assess the risk to business processes.
Modern advanced threat detection and incident management capabilities have also shown that the cloud is another technology that can boost security, with research showing that nearly three-quarters (73%) of respondents are confident they enjoy better security protection with their cloud providers than with any solution they can build alone.
However, when leveraging the cloud, it is also important to ensure your cloud environment stays protected. This includes auditing and testing for cloud misconfigurations, adopting an identity and access management framework to monitor and control cloud user access permissions, and establishing multifactor authentication across cloud access points.
- Maintaining existing cybersecurity investments
If you want to be a leader in cyber resilience, you must also understand the need to be brilliant at the basics. Security breaches most often happen when organisations fail at fundamental aspects of their protection practices.
Businesses should focus more of their budget allocations on sustaining what they already have and making sure the basics of data-centric security are in place, firming up the foundation to build upon future investments.
Wielding the double-edged sword of technology effectively
To stay ahead of the latest tech trends, click here for DigitalEdge Section
With the dynamic threat landscape we are facing today, it is only right that our cybersecurity does not fall laggard to cybercrime’s evolution. Though technology has opened new threat vectors for malicious actors to target, it can also be leveraged to build up our defences in the digital space.
The road to cyber resiliency has already been laid out, with tools readily available for use – it is now up to businesses and nations to wield these tools innovatively and effectively to accelerate us towards a smart interconnected future.
Mark du Plessis is the managing director and security lead for Accenture Southeast Asia
