As more facets of our lives move online, the number and impact of data breaches continue to soar. Couple this with unprecedented levels of inflation, and it’s no surprise that IBM’s latest Data Breach report found the cost of an average hack to businesses has hit a record $4.35 million.
With so much pressure on IT teams to protect their organisations, employees are reaching their breaking point. One-third now say they’re considering leaving their role over the next couple of years due to stress and burnout, while over half reported that their work stress and mental health have worsened year on year. Sadly, it’s a vicious circle that further weakens security teams and makes them even more vulnerable to future attacks.
To future-proof their cybersecurity, organisations may need to rethink their priorities. Let’s explore how business leaders can protect their companies from cyber-attacks, and support employees to safely shoulder the increasing workload.
Move resources—and responsibilities—to the cloud
Though many modern organisations have long harnessed cloud computing services, studies show that COVID-19 lockdowns accelerated cloud migration by as much as four years. Today, 94% of companies use some form of internet-powered cloud resource to optimise their operations.
After all, the cloud brings innumerable high-profile benefits to organisations, such as greater collaboration, remote data recovery, and increased scalability. But one of its lesser-publicised advantages is security—and the option for businesses to offload some security responsibilities and updates to the vendor, rather than have the entire burden fall on their hard-pressed internal IT teams.
This ‘Shared Responsibility Model’ is a framework that many cloud service providers (CSPs) use to outline their own responsibilities for securing the cloud environment, and those of their customers. Simply, the model details that the CSP must monitor and tackle security threats affecting the cloud and its infrastructure. Meanwhile, the customer must take on the protection of the data and assets they store within.
This framework still places a large portion of responsibility on the organisation. But it also offers far greater efficiency and protection than a traditional on-premises model. The shift to the cloud frees up security staff to focus on other tasks, while reducing the pressure of their workloads. Meanwhile, organisations also enjoy state-of-the-art data protection through the expertise and hyper-vigilant measures that CSPs use to safeguard their customers’ assets. It’s a win-win for all—as long as customers take extra care when selecting their providers.
Choose software with identifiable contents
As product shortages and rising prices have brought physical supply chains back under the spotlight, their software-based cousins are also becoming increasingly fragile.
Much like a real-life supply chain, a software supply chain consists of all the components, tools, and processes used to create software. Many modern software applications are no longer built purely from custom code. Instead, they’re created using numerous types of open-source components and libraries from third parties.
This trend of code reuse and cloud-native approaches enables vendors to rapidly craft and deploy software, but it also exposes their customers to vulnerabilities outside of their control. Usually, an attack occurs when a threat actor infiltrates and compromises a vendor’s software before it’s deployed to end-users. Last year, software supply chain attacks grew by more than 300% compared to 2020, becoming so widespread that Gartner listed them as its second-largest security trend of 2022.
For organisations to improve their security, they must seek visibility of all the components that go into the software they use. This can be achieved by looking out for, or creating, a Software Bill of Materials (SBOM), which lists all third-party components and dependencies within the software. Then, organisations can either monitor and investigate suspicious activities themselves—or avoid software that uses open-source modules entirely.
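To show what that visibility looks like in practice, here is an added example (not from the original article) that reads a CycloneDX-style SBOM and reports which dependency chain pulls in a flagged component. The SBOM contents, component names and watchlist are constructed sample data.

```python
import json
from collections import deque

# Constructed CycloneDX-style SBOM; every component name here is made up.
SBOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "app", "name": "invoice-portal", "version": "2.1.0"}},
  "components": [
    {"bom-ref": "web", "name": "webframework", "version": "4.2.1", "purl": "pkg:pypi/webframework@4.2.1"},
    {"bom-ref": "tpl", "name": "templater", "version": "1.0.3", "purl": "pkg:pypi/templater@1.0.3"},
    {"bom-ref": "yml", "name": "yamlparse", "version": "0.9.0", "purl": "pkg:pypi/yamlparse@0.9.0"},
    {"bom-ref": "pdf", "name": "pdfgen", "version": "3.3.0", "purl": "pkg:pypi/pdfgen@3.3.0"}],
  "dependencies": [
    {"ref": "app", "dependsOn": ["web", "pdf"]},
    {"ref": "web", "dependsOn": ["tpl"]},
    {"ref": "tpl", "dependsOn": ["yml"]}]
}""")

# Constructed watchlist of (name, version) pairs, standing in for an advisory feed.
WATCHLIST = {("yamlparse", "0.9.0")}

def flagged_paths(sbom, watchlist):
    """Map each flagged component's purl to the dependency chain that pulls it in."""
    root = sbom["metadata"]["component"]
    by_ref = {c["bom-ref"]: c for c in sbom.get("components", [])}
    by_ref[root["bom-ref"]] = root
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    # Breadth-first walk from the application, remembering each node's parent.
    parent, queue = {root["bom-ref"]: None}, deque([root["bom-ref"]])
    while queue:
        ref = queue.popleft()
        for child in edges.get(ref, []):
            if child in by_ref and child not in parent:
                parent[child] = ref
                queue.append(child)
    hits = {}
    for ref, comp in by_ref.items():
        if (comp["name"], comp.get("version")) not in watchlist:
            continue
        # A flagged component missing from the dependency graph is still reported.
        chain, node = [], ref if ref in parent else None
        while node is not None:
            chain.append(by_ref[node]["name"])
            node = parent[node]
        hits[comp.get("purl", comp["name"])] = chain[::-1] or [comp["name"]]
    return hits

if __name__ == "__main__":
    print(flagged_paths(SBOM, WATCHLIST))
```

The chain matters because the flagged library here is three levels below the application, so it would not appear in a list of direct dependencies.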
Log access to sensitive data
Alongside leveraging new software, it’s also vital that businesses carry out a continuous risk assessment. In other words, consistently log and review employees’ access to sensitive data, and set up alerts for abnormal events like late-night database downloads or logins from an unusual location. Even if hackers manage to access data or store malware, a faster response helps to reduce the impact of the breach and simplifies the search for its source.
Typically, a log will record as much information as possible, from the date and time and source IP address to the HTTP status code and the number of bytes received. A specialist Audit Trail product will also enable managers to create custom trackers and reports that keep tabs on who accesses what data, whether for security purposes, compliance, or even the management of workloads.
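The two alerts mentioned above, a late-night database download and a login from an unusual source, can be expressed as rules over the log fields just listed. This is an added example, not code from the original article; the log lines are constructed, and the `/login` and `/db/export` paths, known network, quiet hours and size threshold are assumed policy values.

```python
import ipaddress
import re
from datetime import datetime

# Constructed access-log lines in Common Log Format (sample data for this example).
LOG = """\
203.0.113.10 - alice [12/Mar/2023:10:02:11 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.10 - alice [12/Mar/2023:10:05:40 +0000] "GET /db/export?table=customers HTTP/1.1" 200 48211
198.51.100.77 - bob [13/Mar/2023:02:41:09 +0000] "POST /login HTTP/1.1" 200 498
198.51.100.77 - bob [13/Mar/2023:02:43:55 +0000] "GET /db/export?table=customers HTTP/1.1" 200 73400321
203.0.113.24 - bob [13/Mar/2023:09:15:02 +0000] "GET /db/export?table=orders HTTP/1.1" 403 0
"""

LINE = re.compile(r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)')

# Assumed policy: networks staff normally connect from, quiet hours, size threshold.
KNOWN_NETS = [ipaddress.ip_network("203.0.113.0/24")]
QUIET_HOURS = range(0, 6)            # 00:00-05:59 in the log's own timezone
LARGE_BYTES = 10 * 1024 * 1024       # 10 MiB

def alerts(log_text):
    """Return (rule, user, ip, timestamp) tuples for events worth reviewing."""
    found = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # in production, count unparseable lines and review them too
        ip = ipaddress.ip_address(m["ip"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ok = m["status"].startswith("2")   # only successful requests moved data
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        if m["path"].startswith("/login") and ok and not any(ip in n for n in KNOWN_NETS):
            found.append(("login-unusual-source", m["user"], str(ip), ts.isoformat()))
        if (m["path"].startswith("/db/export") and ok
                and ts.hour in QUIET_HOURS and size >= LARGE_BYTES):
            found.append(("late-night-bulk-download", m["user"], str(ip), ts.isoformat()))
    return found

if __name__ == "__main__":
    for alert in alerts(LOG):
        print(alert)
```

Both alerts share a user and source address within three minutes, which is the kind of correlation that shortens the search for a breach's source.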
Keep your security simple
Ultimately, data security is an inescapable necessity of modern businesses. But it shouldn’t drastically impinge on your day-to-day operations. Using well-meaning but complex authentication methods, which restrict your employees’ abilities to get on with their jobs, can instead increase the risk of breaches. A 2021 study found that tech-savvy younger workers are likely to swap security for speed, with 51% of those aged 16-24 and over a third of all workers admitting they’d sought out security workarounds to simplify their workdays.
It sounds counterintuitive, but to ensure optimal levels of security, managers must seek out the simplest methods of authentication. This begins with basics like multi-factor authentication, but can also involve leveraging day-to-day software, such as cloud storage systems, that automatically produces data logs while encrypting data with AES-256 and HTTPS over TLS 1.2 or higher.
Fortunately, there’s no longer a need to trade stress for safety. By harnessing easy-to-use programmes with watertight data protection readily built-in, you can establish organisation-wide security without heavily impacting the cost to your business—and the mental health of your IT professionals.
As Laserfiche’s associate director of Europe and MENA, Attar manages the European and MENA channel of solution providers and clients to promote and develop unique Laserfiche solutions in a wide range of industries. He has represented Laserfiche at regional events in Europe, Australasia, the Middle East and Africa, where he has delivered presentations on digital transformation and provided demonstrations at major events.