Cybersecurity was a significant catalyst in facilitating productive remote work and ensuring business continuity in 2020.
As businesses continue to scale existing cyber solutions, enhance critical capabilities like MFA and accelerate the adoption of security models like Zero Trust to meet an increasingly treacherous threat landscape in 2021, it’s little surprise that cybersecurity spending is set to increase.
The 2021 Gartner CIO Agenda survey found organisations in Australia are forecast to spend more than $4.9 billion on enterprise information security and risk management products and services in 2021, an increase of 8% year-on-year. “With the opening of new attack surfaces due to the shift to remote work, cybersecurity spending continues to increase. 67% of ANZ respondents are increasing investment in cyber/ information security, second only to business intelligence and data analytics (73%),” the survey stated.
Gartner’s senior research director Richard Addiscott said the focus on security and risk was “due to major attacks like the SolarWinds supply chain cyber-attack, proposed legislation such as the Security Legislation Amendment (Critical Infrastructure) Bill 2020 and regulatory obligations”.
It’s heartening to note that businesses are continuing to prioritise and increase investments in cybersecurity. One of the things that 2021 has shown us so far is that the war on cybercrime is far from over. Three months into the year and the number of companies impacted by disastrous supply chain attacks (like those on SolarWinds, Accellion and Microsoft Exchange) continues getting bigger, with headlines emerging everyday of cyber-attacks successfully exploiting security gaps in remote working policies.
Now, more than ever, businesses need solid cybersecurity measures and strategies to remain protected. With such high stakes involved, you need to review how to get every ounce of value out of every cybersecurity investment you make – whether those investments are in your technology, processes or people. Here are a few things to keep in mind to get the best bang for your buck.
Aligning tech investments with security gaps
The United Nations’ Secretary-General, António Guterres, warned recently that as the diverse and severe impacts of the COVID-19 pandemic continue to be felt across the world, “unemployment has skyrocketed. Temporary business closures are becoming permanent. Rebuilding to pre-crisis levels of employment and output may take years”. For companies who are attempting to recover losses encountered in 2020 and are under considerable logistical and financial limitations, increased spending on cybersecurity may strain budgets further, making the efficiency of those investments all the more critical.
It never hurts to remind your teams that investing in the most advanced and up-to-date cybersecurity solutions doesn’t necessarily guarantee overall improved security — it’s all about whether those solutions are best fit to address the vulnerabilities present in their overarching cybersecurity strategy. If a business is suffering from malicious spam, for instance, but they have invested big money in an advanced security analytics platform, they may find their cyber defences lacking in other key areas. In such a case, it would make sense to downgrade their security analytics and channel that money into a cloud email security provider.
We always recommend doing a risk analysis and seeing where most incidents occur. Companies need to be able to ask the hard questions and not only find out what’s working and what isn’t, but whether they are doing all that they can to get full value out of their cybersecurity investments. Talk to your stellar security teams to identify the gaps and weaknesses of your existing cybersecurity strategy and then determine the thinking, process and purpose behind the changes that are being implemented. This will increase confidence that your resources are being used as efficiently as possible.
For many businesses, email security continues to be a big problem. The Office of the Australian Information Commissioner (OAIC) revealed in a report this year that “email-based vulnerability is one of the greatest risks” facing Australian firms, identifying phishing emails as the most common method used by hackers to obtain compromised credentials between July and December 2020. Email is a critical tool and arguably the most important means of communication among many businesses, making it an imperative for companies to implement and invest in the right email security solutions that can protect their inboxes.
Adopting a multi-layered strategy
Investing in the right technology is, however, just one part of the solution. We recommend adopting a multi-layered approach to ensure your business' cybersecurity strategy is up to scratch. It’s sometimes referred to as a ‘defence in depth’ approach, designed to defend a system against attacks using several different methods, in the event that if one fails, the others will stop the threat. Along with technology, processes and people are all equally as important when facing cybersecurity challenges and aligning all three will help in mitigating any incoming cyber risks, ensuring your business is protected.
In the case of email security, it's key to remember that no one vendor can stop all threats, so don’t leave your business exposed. If you are using Microsoft 365 or G Suite, you should also have third-party solutions in place to mitigate your risk. For example, using a third-party cloud email solution like MailGuard to complement Microsoft 365. For more information about how MailGuard can help defend your inboxes, reach out to our team at firstname.lastname@example.org.
We often focus on getting the technology right in cybersecurity and are tempted to ensure our systems are protected by state-of-the-art innovations. But it’s also essential that we’re spending appropriate time and resources enabling our teams to become cyber defenders and empowering them with the knowledge to make the right choices.
To assist your teams in staying abreast of the latest in cybersecurity, we recommend visiting the MailGuard Blog regularly. Here, we collate the latest threat intelligence and key cyber trends and lessons in a variety of resources, including thought leadership, whitepapers, case studies, infographics and many more. Sharing these with your teams can help to develop more strategic & well-informed discussions on navigating existing and/or incoming cyber challenges, including investing in the right technology and type of training.
Among other things, 2020 reminded us how fundamental cybersecurity is to business continuity and as we navigate a new normal in a post-pandemic 2021, let's continue enhancing the effectiveness of our cybersecurity approaches and investments to make our businesses more cyber resilient than ever.