Over the past year, the cybersecurity threat landscape has continued to grow. Each new device connected to the internet presents a new target for attackers. And each new social media post creates new risks for phishing attacks or social engineering.
The industry is evolving to meet these changes. Today, anyone from your neighbour to a nation state could launch an attack. And it only takes one weak spot for attackers to be able to steal invaluable company data.
The latest AT&T Cybersecurity Insights Report shows the impact of successful attacks: downtime (46 per cent), loss of revenue (28 per cent), reputational damage (26 per cent), and even loss of customers (22 per cent).
For the year ahead, innovations like software-based virtual security functions and advanced analytics have not only become the latest security trends, but also the latest protection for an organisation. Being able to scale and update security defences in real time and automate threat detection are now essential to handle the sheer volume of cyberattacks.
There is no doubt organisations face a daunting set of challenges, but hope is not lost. My advice for businesses? Consider the following:
1. Risk and vulnerability assessments
Know your weaknesses. Businesses need to know this to develop a comprehensive cybersecurity strategy. Adopting a two-step process will help organisations identify weak spots and focus on fixing these issues.
- Phase 1: Gather information and set the scope for risk assessment
- Phase 2: Analyse the risk of the information you gather; this tells you the likelihood of a breach
Organisations also need to take a multi-layered approach to their security. They need threat detection, incident response and at times, cybersecurity insurance.
2. Automation tools
A focus on the basic detect-and-respond defences will help businesses better protect against known threats. Additionally, a shift toward automated technologies will help improve the pace and scope of a response. Businesses no longer need to assign as much human resources on finding and addressing these risks.
Analytics takes the time-consuming problem of sifting through lots of data to turn it into an advantage. And the more data you give these systems, the more effective they become. Add machine learning and these systems are able to identify cybersecurity threats. At AT&T for example, by adding machine learning to our cybersecurity strategy, we can process countless data points. We can also better detect and respond to threats by teaching systems to identify new threats on their own and alert us.
To keep best practices front of mind, employee awareness training and governance is key. Companies need to realise it takes more than a poster and some emails to create a ‘cyber aware’ workforce.
All it takes is an employee clicking on one suspicious email link to unlock Pandora’s Box. This is why employees need to be aware that threats are not limited to their inbox.
Cybercriminals now make calls posing as help desk representatives, even offering free tablets to employees who register with work-related information. Training should make employees aware of the wide range of threats and teach them company security is their responsibility.
Security has come a long way in 2016, and it will continue to evolve in 2017.
At AT&T, we’re making advancements to evolve our solutions and technologies to meet cyberattacks head on—and equip today’s businesses to do so, too.
There are challenges ahead, but by addressing these three areas, businesses will be better prepared. We must all be hyper-vigilant if we’re going to keep ahead of our adversaries. By educating ourselves and following proven techniques, we can.
John Vladimir Slamecka, Region President-Global Business, EMEA, AT&T
Image Credit: Sergey Nivens / Shutterstock