As technology advances, cybercrime continues to evolve and mature. Fortunately, the market for cyber security solutions is changing. Perpetrators are constantly using new tactics to gain access to systems and improving as well to try and keep ahead of the security threats. So, in this modern world of evolving cyber threats and advancing security solutions to thwart them, what is the current state of cybersecurity and what are global organizations’ main goals and future challenges.
To better understand the current state of cybersecurity, a primary research survey was recently conducted—by Alludo in partnership with Qualtrics—that polled nearly 500 IT professionals responsible for cybersecurity at large international companies. The study explored where business users are focusing their efforts and highlights the challenges they face. In addition, the study investigated how the cybersecurity market is evolving and in which new technology investments are being made.
Key Findings on Cybersecurity
The key findings of this report – compiled in the first half of 2023 – were intended to help decision makers understand what their fellow IT administrators, and the companies they work for, want and need most for protection against cybersecurity threats. The following are the key areas respondents noted most about their focus and need for protection.
- In light of the emphasis organizations are placing on security, it shouldn’t come as a surprise that a significant majority – 86 percent – of those surveyed reported that security was extremely important to their companies. While most of the respondents rated their current security as at least adequate, 64 percent reported that malware and ransomware attacks were of primary concern, at least from an external threats perspective.
- While these stats may not come as a surprise, what was particularly intriguing is how 42 percent of respondents reported that cloud vulnerabilities were second on the list of security threats with outside origins. With cloud adoption growing in popularity at such an astonishing rate, this stat confirms that savvy security and IT professionals are taking security in the cloud into account. Social engineering and stolen or compromised credentials were also prominent concerns amongst respondents, as well as internal threats tied to human error such as weak passwords or employee negligence.
- With all the potential security threats out there, the study found that organizations worldwide plan to increase their security expenditures, with 78 percent reporting that they will increase their security budgets moderately or significantly in the coming year. This may or may not be connected to the rapid adoption of the cloud or the fact that remote work is here to stay. Unfortunately, it is all too common that IT organizations have been impacted by some type of cybersecurity event, often related to cloud vulnerabilities and/or remote access. So, there’s no denying the fact that IT professionals are putting cybersecurity at the forefront of their minds — and budgets.
- Despite the doom-and-gloom of the internal and external threats organizations are facing, the study found that a majority of the respondents exhibited a certain amount of confidence, with 64 percent stating that they did not expect a security breach in the coming 12 months and 59 percent saying they did not experience a security breach during the previous year. This confidence could be the result of having proper security solutions in place, since 88 percent of respondents reported their current security solutions are either very strong or somewhat strong. With today’s reality of hybrid and remote workers, a secure solution for accessing work applications regardless of their location is critical.
Ensuring Data Security by means of Zero-Trust Architecture (ZTA)
The threats detailed above, and the other responses gathered in this survey, underscore the value and necessity of a zero-trust approach in today’s world. ZTA, which operates under the principles that all entities are untrusted by default, least privileged access is enforced, and comprehensive security monitoring is implemented is what enables today’s anytime, anywhere work environments.
The zero-trust approach is recognized worldwide and recommended by many major organizations. Furthermore, just last year, U.S. President Joe Biden signed a cybersecurity executive order focused on zero trust. ZTA works on the principle of “trust is good, control is better.” Regardless of where the request comes from or to which source it is directed, every access request is treated as potentially dangerous and comprehensively checked before access is granted. This makes the zero-trust approach a powerful, flexible and granular way to control access to data across an organization’s IT, network and security landscape.
However, many companies do not implement a ZTA properly because they need a team that is qualified and highly motivated in terms of security to implement it. Another important factor is choosing the right zero-trust solution. It is crucial that these solutions comply with the zero-trust principle “never trust, always verify” and are identity-oriented. Finally, a good zero-trust application provides the ability to define predefined identities, roles and permissions. Compliance with predefined security policies is continuously checked, and according to the principle of “default denial,” all actions that are allowed are blocked.
Even though these tips can help companies take the first steps, there is no clearly defined roadmap for Zero Trust. A strong security strategy is one that has been tailored to the specific company. However, one prerequisite must always be met – all elements to be secured must be named. Remember, the moto is “Never trust, always verify.”
Empowering IT Professionals to Be Secure in 2023 and Beyond
As cloud solutions and platforms continue to grow and more employees are using their own devices, a secure workspace with access to company data and applications is essential. Organizations need to be able to make intelligent and strategic decisions about the security solutions they need and then apply those technologies in a way that deals with the core issues that enable flexibility and choice of decentralized IT.
It’s clear to see that organizations are seeing many benefits from putting in place the necessary tools to keep their organizations safe from evolving security threats. While many claim to be at least somewhat satisfied with how their security strategies and applications are performing, there is always room for improvement. The truth is IT professionals must ensure that their organizations are protected from the cybersecurity threats facing them. With remote and hybrid work becoming an integral part of the new work culture, IT administrators need to be focused on providing a digital workspace that ensures productivity no matter where employees are working in 2023 and beyond.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.