Cybersecurity is changing quickly. Is your company keeping up?

The problem is that cybersecurity is changing more quickly than organizations are keeping up.

Traditionally, enterprise-level cybersecurity was conceptually simple. Most company networks had physical boundaries, meaning that their perimeters could be protected, and access by authenticated and secured devices was simpler. Cybersecurity was a matter of maintaining strong firewalls and keeping unauthorized network traffic out. 

But widespread digitalization with the cloud and broad adoption of digital platforms completely upends the traditional cybersecurity paradigm. Today company networks are much more porous. And the cybersecurity protections most companies have in place are no longer sufficient.

In a digital business, every Wi-Fi-enabled printer, mobile device and company laptop is a potential network access point for a hacker or bad actor. Employees become a critical vulnerability, often connecting to their company’s network through multiple devices, frequently using public and home Wi-Fi networks for access. 

That’s what happened when hackers managed to gain access to the Law Department’s network. All they needed was one employee’s email password, and all it took was one vulnerable employee. Although the breach was caught early, the hackers could have gained access to sensitive information affecting hundreds of people by just targeting one person’s computer. 

That’s a big problem for digital-first companies in New York. The companies now run hybrid networks that incorporate IT assets over which they don’t have direct oversight or control. Many companies rely on cloud computing services such as Microsoft Exchange to provide email and other key network functionalities. More often than not, they also employ cloud applications and storage services such as Zoom and Google Drive.

Some 48% of enterprise workloads now occur on the public cloud, and the Flexera 2021 State of the Cloud report found that the average company uses around five different cloud services.

But the expanded attack surface for businesses doesn’t stop there. Every online account maintained by a company or company employee is yet another element of the cyberattack surface. Social media accounts, video services, private email, and e-commerce accounts can all be compromised, often with sophisticated social engineering attacks, giving criminals access to crucial personal information or login credentials that they can use to better infiltrate a company’s network. 

Once the criminals gain access to a company network, they can move sneakily between devices until they find the information they need or can install the malware they’ve brought with them.

In the current threat environment, cybersecurity needs to be proactive, holistic, multifaceted and identity-based. Companies need to secure employees and teams, not just individual devices and networks. Further, they must adopt a full life-cycle approach to cybersecurity, with continuous protection and continuous response.

Many companies are being swept up into digital transformation trends before they’ve carefully weighed the risks involved and have prepared an appropriate security response.

The Covid-19 pandemic, in particular, accelerated digital transformation faster than businesses could keep up. In a recent security report by Hacker One, 31% of technology executives from around the world said they underwent a digital transformation in the past year before they were fully prepared for it. 

Places such as New York, where a lot of organizations have gone digital, are particular targets for cybercriminals. In 2019 90% of reported data breaches in the U.S. occurred in New York or California.

Digital transformation is a bell that can’t be unrung. There’s no going back. But going forward, companies have a limited window of opportunity to start securing their expanded attack surfaces before they fall victim to cybercrime. It won’t be easy, but with the right tools, it will be possible to mitigate exposure and minimize the potential damage of a cyberattack.

If cybersecurity isn’t one of your company’s top priorities alongside digital transformation, it ought to become one.

Tom Kelly is president and CEO of IDX, an Oregon-based provider of data-breach and consumer-privacy services.

Comments are closed.