
Battling cyber security challenges with enterprise architecture


Over the past few years, it seems that all records have been broken when it comes to the quantity of data lost in breaches, alongside the sheer numbers of cyber-attacks on companies, governments, and individuals.

With the growing complexity of enterprise technologies, and indeed the size of overall global business operations, companies are more vulnerable than ever to the prospect of some of the largest cybersecurity attacks we have ever seen. 

Interconnected global systems, software operations, and innovations that have sought to make the world ‘smaller’ have in turn accelerated the size and impact of the cybersecurity threats faced. How can enterprise architecture (EA) help businesses defend against these cyber-attacks?

A lack of visibility

One of the biggest issues at hand is that IT or risk professionals struggle to have clear visibility over the enterprise. 

Aside from knowing the scale of the application and technology portfolios, there are still going to be problems with organisational and data silos, with complex systems, or with duplicated or wasted information. If a business cannot understand and know its structure, it is doomed to fail with security. In fact, an average company takes 191 days to identify data breaches, during which time the amount of information lost could have a severe negative impact on the organisation.

The growth in applications also contributes to another problem, which is that a business cannot address third-party security issues. Even if a firm has very robust risk management, it can still be vulnerable simply because of a weakness in an email provider, an operating system, or similar. As such, enterprises are more vulnerable to malware attacks - which can cost a company an average of $2.4 million.

At the same time, digital transformation is gathering pace. It was afoot long before COVID-19 became part of the global vernacular, but the pandemic sped up the adoption of digital technologies by several years, driven by the need to ‘go remote’ almost overnight. In turn, we’re seeing software updates, regulations and technologies appear that can unravel new cyber security risks.

Without permanent, effective oversight of risk management or compliance problems, organisations cannot hope to remain protected.

Example: REvil hacking group


In July 2021, the Russian hacking group REvil, a gang of cybercriminals known for extorting payments from victims in return for unlocking their files, conducted one of the largest ransomware attacks on record.

By breaching the systems of US-based software firm Kaseya, the group was able to hit the IT systems of up to one million companies across the globe, demanding a $70 million ransom in Bitcoin for a decryption key. This sophisticated attack, able to bring down firms in 17 countries, is unlikely to be the last of its kind.

Despite the growing threat, many enterprises are largely unprepared. According to new IDG research, nearly 80% of senior IT and security leaders believe their organisations lack sufficient protection against cyber-attacks, despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges.

As such, it's more vital than ever for organisations to both build their defences and be aware of the risks, ensuring that they have the appropriate solutions in place to prevent such attacks from taking place. Enterprise Architecture is a key enabler of this for several reasons.

Introducing enterprise architecture

A sub-domain of enterprise architecture, security architecture is vital when overcoming security risks. Security architecture creates and maintains a unified security design that addresses risks to an organisation, while being robust and repeatable. 

For example, by implementing SABSA or the NIST Cyber Security Framework - the two most widely used security frameworks - an organisation can then apply the proper security processes to solutions that are deployed around the firm, maintaining compliance across the organisation.

However, implementing and maintaining security architecture is not simple - it requires a central repository, and architects need to have visibility over the firm’s entire architecture and its interdependencies. Ultimately, organisations cannot create effective security architectures from scratch, and so need to be able to implement common frameworks and standards.

One of the best ways to overcome this challenge is to have a well-maintained enterprise architecture. With enterprise architecture, firms will have existing maps and models of every aspect of the organisation and relationships between them, all stored in a central repository.

By having a holistic view of an enterprise, enterprise architects can have better oversight of risk management and compliance problems - which is key for ensuring strong defences. In turn, enterprise architecture can help organisations both in terms of visibility and scalability, helping to increase their level of security detail and ensure its presence across each area of a company.

The bottom line

As organisations constantly evolve, businesses cannot afford to take cyber security issues lightly anymore. Cyber-attacks are clearly growing in sophistication, and therefore so must our defensive tactics. This means better connected processes and systems that can successfully rule out a lack of visibility.

If an organisation waits too long to get this right, it could cost millions in data and pounds at the hands of cyber predators. Instead, successful digital transformation projects will need to harness the benefits of enterprise architecture to help boost an organisation’s ability to protect itself against ever-evolving threats.

Michael D'Onofrio is CEO of Orbus Software.

Michael is the CEO of Orbus Software, a technology executive, sustainability entrepreneur, and growth investor with over 15 years of global experience across the UK and Europe, US and Canada, Australia and Asia Pacific regions.