Companies list cyberattacks, IT downtime, and leaked data as the greatest threats to their business operations, according to the “2020 Allianz Risk Barometer.” What’s more, hardly anyone could have anticipated a global pandemic that would temporarily paralyze parts of the economy. As a result, many companies will reassess their risks and are likely to place even more emphasis on cybersecurity, because working from home in particular has increased companies’ dependence on digital infrastructures while simultaneously increasing their vulnerability. Cybercriminals recognized this fact during the early stages of the pandemic, and attacks have been on the rise ever since.
Not only has the number of attacks increased, but so has their quality. Cybercriminals can use the dark web to access a broad range of cyberattack tools that were previously only available to major hacker groups and nation-states. SMEs are also being subjected to very complex cyberattacks. However, they are often negligent about IT security and reliability because they lack know-how, personnel, or financial resources.
In doing so, they underestimate or overlook how expensive security incidents and interruptions to IT operations are. According to the “Global Data Protection Index: New 2020 Snapshot” from Dell Technologies, the estimated cost of data loss is more than $1 million and the cost of IT downtime is more than $800,000. This means that money spent on data and infrastructure protection is a good investment.
The question remains: where should the money be invested? Traditional concepts and solutions work only to a limited degree because infrastructures are increasingly distributed, with a remote workforce and the use of cloud services. Of course, there’s no getting around the basic necessity of quick and reliable installation of security updates, because most cyberattacks exploit software vulnerabilities. The mail infrastructure must be protected because e-mail is the main port of entry for malware and phishing attempts. Still, having an up-to-date backup is your company’s best insurance against ransomware and hardware downtimes.
Nevertheless, the modern world of work also requires new concepts and technologies. The protection of digital identities, the granting of rights, and monitoring access are among the priorities because the boundaries of the corporate network are becoming. Zero-trust concepts and multi-factor authentication, for example, can help here. In addition, the focus can no longer be on providing defense against threats alone; it needs to be expanded to include detection and response to cyberattacks. In this context, AI and automation are invaluable. They relieve the burden on the employees in IT security departments and help if it becomes necessary to quickly initiate countermeasures to minimize damage and downtimes. It’s the only way of achieving real cyber resilience.
Furthermore, as we have seen in the current global pandemic, companies need emergency plans with thought-out and proven procedures they can fall back on in crises so they do not have to improvise at the last minute. Sending employees home to work remotely is an example of one such improvisation. The option of working from home should be integrated into a company’s overall security concept as quickly as possible. Additionally, employees need clear guidelines and training to enable them to handle data and company applications securely and responsibly when working from home.
In the future, IT security must be an integral part of all IT projects, regardless of whether they involve employees working from home, the modernization of the infrastructure, or the introduction of a new cloud service. After all, cybercrime is a business that generates billions in revenue and is constantly evolving, which is why companies also need to consider IT security from the outset and view it as a process that is constantly reviewed and continuously improved.