What can IT departments do to enhance their overall cybersecurity?
According to Berkshire Hathaway, 71 per cent of organizations were impacted by successful ransomware in 2021. And the World Economic Forum reports an estimated growth of the ransomware industry to $10.5 trillion by 2025, almost doubling since 2020. Wow, that’s big business!
So, what are IT departments doing to protect their corporate assets and identity from attack? Well, research suggests that most IT departments are not keeping pace with the changes in cybersecurity. Given the rapid adoption of the connected world, it’s no wonder there is a struggle to keep the pace.
SecTor was about just that. What can IT departments do to enhance their overall cybersecurity measures, keep pace with changes, and ensure that when a breach does happen (because it likely will)—they know what protocol to follow?
Just staying up to date with industry terminology is enough to keep you busy. Here are a few terms that were thematic throughout the two days at Sector.
MFA (aka: multifactor authentication): Three or more factors of authentication are required. Two-factor is no longer good enough. Now employees should authenticate in three ways by identifying something you know (password), something you have (security token), and something you are (biometric).
Privilege Creep: A person who works for a long time at one organization and moves from job to job over the years, also carries with them the access to files that they once needed but don’t anymore.
Micro Training: When an employee does something risky that may cause a breach, organizations can now pop up a video to quickly train the user on the correct behaviour.
Zero Trust: The notion that authentication must be completed first then trust in the user can be achieved. This is typically done to access each application. All organizations should be adopting this process for all access points within the company’s on-prem and cloud environments.
Of course, there are many other terms to be identified, but this is a good start.
If we know it takes no time for a cybercriminal to breach a system—in fact, it only takes one minute and 38 seconds—IT have their jobs cut out for them. A notable trend that emerged as part of discussions at SecTor was the disablement and/or corruption of backup files, which ultimately lead to data exfiltration. Data exfiltration is when a company’s data is copied, transferred, or deleted. If you think of the banking or health industries, data is critical and personal.
Imagine, as a CISO, you arrived at work Monday morning after a nice long weekend, only to learn that there was a cybersecurity breach and that the breach resulted in the corruption of backup files needed to recover from the attack.
This is why a zero-trust policy should be in place. It is why multi-factor authentication is critical. Experts go as far as recommending passphrases as the “something you know” in your security settings. It is also why single sign-on (SSO) is such a key element in avoiding privilege creep and ensuring the right access.
As we adopt and integrate cybersecurity best practices into our daily lives, businesses will still need to continue evaluating their appetite for risk, how much to invest to reduce the risk, and the processes that they need to continuously evolve to avoid the next attack. Ransomware, data corruption or other industrial corporate espionage is not going away, and realities suggest they are becoming a daily battle that is building momentum—aimed at becoming a $10.5 trillion industry by 2025.
September 7, 2023
#FacesOfCalian: Oscar Morales
Get to know the Calian team with our Faces of Calian series!
August 1, 2023
Google Engages iSecurity, a Calian Company, to Conduct Assessments of Google Cloud
Google's recent decision to engage iSecurity, a Calian company, for a comprehensive privacy impact assessment (PIA) and a threat risk assessment (TRA) for Google Cloud services in Canada was a significant step towards even stronger data protection and risk management.
May 26, 2023
Meet the Experts - Kevin de Snayer
In today’s edition of Meet the Experts, we have an interview with Kevin de Snayer, Director of Cyber Solutions, ITCS, Calian.