Building Your Foundational Knowledge

While levels of vulnerability to cyberattacks can vary by industry, no organization—regardless of sector or size—should consider itself safe. The increased prevalence of ransomware, which cost U.S. companies more than $20 billion in 2021, has pushed the severity of the threat landscape to new heights. A wide range of ransomware attacks occurred with victims ranging from large corporations to small businesses, major universities to secondary school districts, major hospitals to acute care facilities hospitals … and the list goes on.

Education was the top targeted industry for ransomware in 2021, experiencing a 75% increase in attacks from the previous year. Cyber breaches across the U.S. healthcare sector reached record highs as well, with 45 million individuals affected by ransomware attacks that exposed their personal information – a rate that has tripled over three years according to data from the U.S. Department of Health and Human Services. And in the U.S. financial industry, 90% of all institutions have experienced a ransomware attack over the past year. Similar trends are evident across energy and utilities, government entities, supply chains, and more.

Amid the acceleration of malicious attacks, the global rate of cybersecurity spending has never been higher. Gartner forecasts predict information security and risk management investments will total $172 billion in 2022, increasing from $155 billion in 2021 and $137 billion in 2020. As the threat of cyberattacks continues to rise, IT leaders across the public and private sectors face two key questions:

  • What amount of cyber spending will strengthen our security posture to defend against disruption, theft, and loss?
  • Which cyber investments will give us the agility to enhance our cyber operations team’s efficiency and effectiveness?

The challenge at hand is too complex for a firehose approach of simply throwing large sums of money at the problem and hoping it will go away. Effective cyber spending should always be about quality over quantity. The agility and rapidly changing signature of the tools behind today’s common cyberattacks enable threat actors to easily evade the plethora of legacy systems and perimeter-based controls on the market today, which weren’t designed to defend against the evolving tactics and techniques of attackers.

Taking A More Calculated Approach

It’s clear that a better understanding of the right (and wrong) areas to target with cyber spending is needed across the cybersecurity community. That understanding can only come from sharpening your cyber risk and vulnerability assessment. Analyze current risks, as well as any residual risks your organization is prepared to accept, to begin formulating a security investment roadmap. And assess the intersection of business goals, technical constraints, and availability of resources to identify any gaps or loopholes that are hampering your cybersecurity posture.

  • How well do your tools enable the security outcomes your organization needs and expects?
  • Do they align with the evolving threat landscape? If not, what do you need to keep pace in the future?

Then, take history into account by performing a root-cause analysis of past breaches that exposed certain vulnerabilities within your technology stack, human errors or insider threats. The following three questions can serve as optimal starting points:

  • Which vulnerabilities or organizational mistakes did the attackers capitalize on?
  • Why couldn’t the existing security measures detect the threat?
  • How could the attack have been prevented?

The answers stem from a lack of data-centric security. Data is at the core of most cyberattacks within today’s modern threat landscape – threat actors infiltrate networks to steal high-value data assets that are in turn leveraged for their personal gain.

For a ransomware attacker targeting a healthcare system, that asset could be patient electronic health records to hold for ransom. For a nation-state attacker targeting a federal government network, that asset could be the personal information of U.S. government officials to extort for sabotage. And for an insider threat actor targeting their own organization’s network, that asset could be product roadmap files to sell to an industry competitor. While their motives are different, the mission remains the same – stealing high-value data assets.

Shifting to Data-Centric Cyber Spending

In response, organizations should invest in security tools that actually address the root of the issue at hand. The adoption of data-centric cyberstorage solutions in place of traditional NAS and file shares is a perfect example. These solutions, deployable in any storage setting (on-premises, cloud, edge and hybrid environments), are the only scalable systems positioned to follow data-centric Zero Trust and effectively safeguard assets from the growing capabilities of attackers.

Unlike traditional NAS technologies, cyberstorage products go beyond just relying on identity access controls, backups, encryption keys, and other defense mechanisms that attackers already know how to beat. Instead, they leverage user behavior and entity analytics to automate the integration of active security controls with end-to-end data compliance monitoring, which generates real-time visibility of an organization’s entire data ecosystem to more effectively identify and respond to attacks.

From data protection and data integrity to data compliance, every stage of the data lifecycle is refined and accounted for – building an impenetrable layer of protection around the data asset itself rather than the larger network storing it. And by shaping their defenses around the asset and not the actor, enterprises in turn have the agility to combat whatever tactics the latter deploys. Embracing new data-centric security approaches is the only real way to gain meaningful ground in the fight against cybercrime.

Legacy systems and controls are the reason we’re stuck in this position in the first place. Why continue to blindly invest in them?

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.