Building Your Foundational Knowledge

While levels of vulnerability to cyberattacks can vary by industry, no organization—regardless of sector or size—should consider itself safe. The increased prevalence of ransomware, which cost U.S. companies more than $20 billion in 2021, has pushed the severity of the threat landscape to new heights. A wide range of ransomware attacks occurred with victims ranging from large corporations to small businesses, major universities to secondary school districts, major hospitals to acute care facilities hospitals … and the list goes on.

Education was the top targeted industry for ransomware in 2021, experiencing a 75% increase in attacks from the previous year. Cyber breaches across the U.S. healthcare sector reached record highs as well, with 45 million individuals affected by ransomware attacks that exposed their personal information – a rate that has tripled over three years according to data from the U.S. Department of Health and Human Services. And in the U.S. financial industry, 90% of all institutions have experienced a ransomware attack over the past year. Similar trends are evident across energy and utilities, government entities, supply chains, and more.

Amid the acceleration of malicious attacks, the global rate of cybersecurity spending has never been higher. Gartner forecasts predict information security and risk management investments will total $172 billion in 2022, increasing from $155 billion in 2021 and $137 billion in 2020. As the threat of cyberattacks continues to rise, IT leaders across the public and private sectors face two key questions:

  • What amount of cyber spending will strengthen our security posture to defend against disruption, theft, and loss?
  • Which cyber investments will give us the agility to enhance our cyber operations team’s efficiency and effectiveness?

The challenge at hand is too complex for a firehose approach of simply throwing large sums of money at the problem and hoping it will go away. Effective cyber spending should always be about quality over quantity. The agility and rapidly changing signature of the tools behind today’s common cyberattacks enable threat actors to easily evade the plethora of legacy systems and perimeter-based controls on the market today, which weren’t designed to defend against the evolving tactics and techniques of attackers.

Taking A More Calculated Approach

It’s clear that a better understanding of the right (and wrong) areas to target with cyber spending is needed across the cybersecurity community. That understanding can only come from sharpening your cyber risk and vulnerability assessment. Analyze current risks, as well as any residual risks your organization is prepared to accept, to begin formulating a security investment roadmap. And assess the intersection of business goals, technical constraints, and availability of resources to identify any gaps or loopholes that are hampering your cybersecurity posture.

  • How well do your tools enable the security outcomes your organization needs and expects?
  • Do they align with the evolving threat landscape? If not, what do you need to keep pace in the future?

Then, take history into account by performing a root-cause analysis of past breaches that exposed certain vulnerabilities within your technology stack, human errors or insider threats. The following three questions can serve as optimal starting points:

  • Which vulnerabilities or organizational mistakes did the attackers capitalize on?
  • Why couldn’t the existing security measures detect the threat?
  • How could the attack have been prevented?

The answers stem from a lack of data-centric security. Data is at the core of most cyberattacks within today’s modern threat landscape – threat actors infiltrate networks to steal high-value data assets that are in turn leveraged for their personal gain.

For a ransomware attacker targeting a healthcare system, that asset could be patient electronic health records to hold for ransom. For a nation-state attacker targeting a federal government network, that asset could be the personal information of U.S. government officials to extort for sabotage. And for an insider threat actor targeting their own organization’s network, that asset could be product roadmap files to sell to an industry competitor. While their motives are different, the mission remains the same – stealing high-value data assets.

Shifting to Data-Centric Cyber Spending

In response, organizations should invest in security tools that actually address the root of the issue at hand. The adoption of data-centric cyberstorage solutions in place of traditional NAS and file shares is a perfect example. These solutions, deployable in any storage setting (on-premises, cloud, edge and hybrid environments), are the only scalable systems positioned to follow data-centric Zero Trust and effectively safeguard assets from the growing capabilities of attackers.

Unlike traditional NAS technologies, cyberstorage products go beyond just relying on identity access controls, backups, encryption keys, and other defense mechanisms that attackers already know how to beat. Instead, they leverage user behavior and entity analytics to automate the integration of active security controls with end-to-end data compliance monitoring, which generates real-time visibility of an organization’s entire data ecosystem to more effectively identify and respond to attacks.

From data protection and data integrity to data compliance, every stage of the data lifecycle is refined and accounted for – building an impenetrable layer of protection around the data asset itself rather than the larger network storing it. And by shaping their defenses around the asset and not the actor, enterprises in turn have the agility to combat whatever tactics the latter deploys. Embracing new data-centric security approaches is the only real way to gain meaningful ground in the fight against cybercrime.

Legacy systems and controls are the reason we’re stuck in this position in the first place. Why continue to blindly invest in them?

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.