The number of data breaches and their effects are increasing as more aspects of our lives move online. It’s not surprising that the latest IBM Data Breach report found that the average cost of a hack to businesses has reached a record $4.35 million when combined with inflationary levels that are unheard of.
Employees are at their breaking point due to the immense pressure IT teams are under to protect their organisations. Over half of respondents reported that their mental health and work-related stress have gotten worse year over year, and One-third now say they are thinking about leaving their position within the next two years due to stress and burnout. Unfortunately, it’s a vicious cycle that erodes security teams further and leaves them open to future attacks.
Organisations may need to reevaluate their priorities in order to secure their cybersecurity in the future. Let’s examine how business executives can defend their organisations against cyber-attacks and help staff members cope with the growing workload in a safe manner.
Put resources (and duties) in the cloud.
Though many modern organisations have long harnessed cloud computing services, studies show that COVID-19 lockdowns accelerated cloud migration by as much as four years. Today, 94% of companies use some form of internet-powered cloud resource to optimise their operations.
After all, the cloud brings innumerable high-profile benefits to organisations, such as greater collaboration, remote data recovery, and increased scalability. But one of its lesser-publicised advantages is security—and the option for businesses to offload some security responsibilities and updates to the vendor, rather than have the entire burden fall on their hard-pressed internal IT teams.
This ’Shared Responsibility Model’ is a framework that many cloud service providers (CSPs) use to outline their own responsibilities for securing the cloud environment, and those of their customers. Simply, the model details that the CSP must monitor and tackle security threats affecting the cloud and its infrastructure. Meanwhile, the customer must take on the protection of the data and assets they store within.
This framework still places a large portion of responsibility on the organisation. But it also offers far greater efficiency and protection than a traditional on-premises model. The shift to the cloud frees up security staff to focus on other tasks, while reducing the pressure of their workloads. Meanwhile, organisations also enjoy state-of-the-art data protection through the expertise and hyper-vigilant measures that CSPs use to safeguard their customers’ assets. It’s a win-win for all—as long as customers take extra care when selecting their providers.
Opt for software with recognisable contents.
As product shortages and rising prices have brought physical supply chains back under the spotlight, their software-based cousins are also becoming increasingly fragile.
Much like a real-life supply chain, a software supply chain consists of all the components, tools, and processes used to create software. Many modern software applications are no longer built purely from custom code. Instead, they’re created using numerous types of open-source components and libraries from third parties.
This trend of code reuse and cloud-native approaches enables vendors to rapidly craft and deploy software, but it also exposes their customers to vulnerabilities outside of their control. Usually, an attack occurs when a threat actor infiltrates and compromises a vendor’s software before it’s deployed to end-users. Last year, software supply chain attacks grew by more than 300% compared to 2020, becoming so widespread that Gartner listed them as its second-largest security trend of 2022.
For organisations to improve their security, they must seek visibility of all the components that go into the software they use. This can be achieved by looking out for, or creating, a State of Software Bill of Materials (SBOM), which lists all third-party components and dependencies within the software. Then, organisations can either monitor and investigate suspicious activities themselves—or avoid software that uses open-source modules entirely.
Log access to sensitive information
Alongside leveraging new software, it’s also vital that businesses carry out a continuous risk assessment. In other words, consistently log and review employees’ access to sensitive data, and set up alerts for abnormal events like late-night database downloads or logins from an unusual location. Even if hackers manage to access data or store malware, a faster response helps to reduce the impact of the breach and simplifies the search for its source.
Typically, a log will record as much information as possible, from the date and time and source IP address to the HTTP status code and the number of bytes received. A specialist Audit Trail product will also enable managers to create custom trackers and reports that keep tabs on who accesses what data, whether for security purposes, compliance, or even the management of workloads.
Simplify Security Measures
In the end, data security is a necessity that cannot be avoided for modern businesses. But it shouldn’t materially affect how you conduct business every day. Instead of decreasing the risk of breaches, using well-intentioned but cumbersome authentication methods that limit your employees’ ability to perform their jobs can actually increase that risk. A 2021 study discovered that younger, tech-savvy workers are likely to sacrifice security for speed, with 51% of those aged 16 to 24 and more than a third of all workers admitting they’d looked for security workarounds to make their workdays easier.
Contrary to popular belief, managers must look for the most straightforward forms of authentication in order to guarantee the highest levels of security. This starts with fundamentals like multi-factor authentication, but it can also rely on common software, like cloud storage systems, that automatically create data logs while using encryptions across AES-256 and HTTPS over TLS 1.2 or higher..
Thankfully, there is no longer a need to sacrifice safety for stress. You can establish organization-wide security without significantly impacting the cost to your business—and the mental health of your IT professionals—by utilising simple programmes with impenetrable data protection already built-in.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.