Building Your Foundational Knowledge

  • By Jonathan Halstuch
  • Jun 02, 2022

While levels of vulnerability to cyberattacks can vary by industry, no organization—regardless of sector or size—should consider itself safe. The increased prevalence of ransomware, which cost U.S. companies more than $20 billion in 2021, has pushed the severity of the threat landscape to new heights. A wide range of ransomware attacks occurred with victims ranging from large corporations to small businesses, major universities to secondary school districts, major hospitals to acute care facilities hospitals … and the list goes on.

Education was the top targeted industry for ransomware in 2021, experiencing a 75% increase in attacks from the previous year. Cyber breaches across the U.S. healthcare sector reached record highs as well, with 45 million individuals affected by ransomware attacks that exposed their personal information – a rate that has tripled over three years according to data from the U.S. Department of Health and Human Services. And in the U.S. financial industry, 90% of all institutions have experienced a ransomware attack over the past year. Similar trends are evident across energy and utilities, government entities, supply chains, and more.

Amid the acceleration of malicious attacks, the global rate of cybersecurity spending has never been higher. Gartner forecasts predict information security and risk management investments will total $172 billion in 2022, increasing from $155 billion in 2021 and $137 billion in 2020. As the threat of cyberattacks continues to rise, IT leaders across the public and private sectors face two key questions:

  • What amount of cyber spending will strengthen our security posture to defend against disruption, theft, and loss?
  • Which cyber investments will give us the agility to enhance our cyber operations team’s efficiency and effectiveness?

The challenge at hand is too complex for a firehose approach of simply throwing large sums of money at the problem and hoping it will go away. Effective cyber spending should always be about quality over quantity. The agility and rapidly changing signature of the tools behind today’s common cyberattacks enable threat actors to easily evade the plethora of legacy systems and perimeter-based controls on the market today, which weren’t designed to defend against the evolving tactics and techniques of attackers.

Taking A More Calculated Approach

It’s clear that a better understanding of the right (and wrong) areas to target with cyber spending is needed across the cybersecurity community. That understanding can only come from sharpening your cyber risk and vulnerability assessment. Analyze current risks, as well as any residual risks your organization is prepared to accept, to begin formulating a security investment roadmap. And assess the intersection of business goals, technical constraints, and availability of resources to identify any gaps or loopholes that are hampering your cybersecurity posture.

  • How well do your tools enable the security outcomes your organization needs and expects?
  • Do they align with the evolving threat landscape? If not, what do you need to keep pace in the future?

Then, take history into account by performing a root-cause analysis of past breaches that exposed certain vulnerabilities within your technology stack, human errors or insider threats. The following three questions can serve as optimal starting points:

  • Which vulnerabilities or organizational mistakes did the attackers capitalize on?
  • Why couldn’t the existing security measures detect the threat?
  • How could the attack have been prevented?

The answers stem from a lack of data-centric security. Data is at the core of most cyberattacks within today’s modern threat landscape – threat actors infiltrate networks to steal high-value data assets that are in turn leveraged for their personal gain.

For a ransomware attacker targeting a healthcare system, that asset could be patient electronic health records to hold for ransom. For a nation-state attacker targeting a federal government network, that asset could be the personal information of U.S. government officials to extort for sabotage. And for an insider threat actor targeting their own organization’s network, that asset could be product roadmap files to sell to an industry competitor. While their motives are different, the mission remains the same – stealing high-value data assets.

Shifting to Data-Centric Cyber Spending

In response, organizations should invest in security tools that actually address the root of the issue at hand. The adoption of data-centric cyberstorage solutions in place of traditional NAS and file shares is a perfect example. These solutions, deployable in any storage setting (on-premises, cloud, edge and hybrid environments), are the only scalable systems positioned to follow data-centric Zero Trust and effectively safeguard assets from the growing capabilities of attackers.

Unlike traditional NAS technologies, cyberstorage products go beyond just relying on identity access controls, backups, encryption keys, and other defense mechanisms that attackers already know how to beat. Instead, they leverage user behavior and entity analytics to automate the integration of active security controls with end-to-end data compliance monitoring, which generates real-time visibility of an organization’s entire data ecosystem to more effectively identify and respond to attacks.

From data protection and data integrity to data compliance, every stage of the data lifecycle is refined and accounted for – building an impenetrable layer of protection around the data asset itself rather than the larger network storing it. And by shaping their defenses around the asset and not the actor, enterprises in turn have the agility to combat whatever tactics the latter deploys. Embracing new data-centric security approaches is the only real way to gain meaningful ground in the fight against cybercrime.

Legacy systems and controls are the reason we’re stuck in this position in the first place. Why continue to blindly invest in them?

Featured

  • Security Today Announces The Govies Government Security Award Winners for 2025

    Security Today is pleased to announce the 2025 winners in The Govies Government Security Awards. The awards honor outstanding government security products in a variety of categories. Read Now

  • Survey: 60 Percent of Organizations Using AI in IT Infrastructure

    Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

Most   Popular

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance.