By Fred Kost, Global Vice President Cross Platform, Security and Analytics, Oracle
Today, cyberattacks pose one of the most daunting challenges any business may experience.
A new study from the University of Maryland estimates that a cyberattack occurs every 39 seconds, and Cybersecurity Ventures estimates that cybercrime will cost companies $10.5 trillion annually worldwide by 2025, placing cybercrime at the heart of the greatest transfers of economic wealth in history. This cost is not confined to large businesses: the global average cost of a data breach is $3.9 million across SMBs.
Considering these stakes, organizations, no matter their size, need to have a hard look at security and its impact on business sustainability.
Business sustainability — and the question of trust
Sustainability, at its most basic level, means the ability to “continue for a long time.” In business, this typically applies to an organization taking responsibility for its activities and how they impact people and the environment. With companies increasingly powered by technology and data, it can have a major impact when their IT systems fail or data is lost or becomes unavailable. Customers fail to get orders, suppliers fail to get paid, and personal details can fall into the wrong hands, all of which impact trust.
As in any relationship, trust is crucial. It is the foundation that allows an organization to take responsible risks and, if mistakes are made, to rebound from them.
Security challenges only increasing
A further issue is that cyberattacks are rapidly increasing, not just in number but also in complexity.
Data losses caused by breaches and cyberattacks on organizations, governments, and individuals hit record-breaking levels in 2020. According to the Wipro ‘State of Cybersecurity report’, cyberattacks went up by 47 percent while 70 percent of businesses faced challenges with endpoint hygiene, in part due to the surge in remote working.
While the application of technologies such as cloud, machine learning (ML), artificial intelligence (AI), and 5G is bringing many benefits to individuals and businesses, their use is also increasing the sophistication of threats; there’s also greater tactical cooperation among hacker groups and state actors.
So, you might ask, just what should companies do?
Intelligent, Reliable Security: Key to Building Sustainable Business
To help combat increasingly sophisticated threats, there are new intelligent security tools that use cloud services and new applications of artificial intelligence (AI) and machine learning (ML) that go beyond malware protection.
For example, security automation, frequently offered in next-generation clouds, can reduce the time and resources needed to manually manage user access, while also decreasing human error.
Advanced analytics capabilities, using AI, allow organizations to quickly identify and respond to security issues, helping organizations better protect themselves from cyberattacks.
However, it is worth noting that systems are often breached not because there aren’t enough security tools but because some vendors have made security too complex by not baking it into their software and hardware. For example, security settings should be set to always on and data should be required to be encrypted, and security tools should be easier to adapt by being automated and leveraging AI and ML. This is the bar that should be expected from the industry.
The Age of “Zero Trust”
A different approach is also needed.
Today, the standard network security posture focuses on stopping threats that come from outside the network perimeter through firewalls, VPNs, and passwords or other access controls. As the use of cloud services expands, it creates new potential for compromised or stolen credentials of a privileged administrator or application, leaving data vulnerable to theft from inside the network.
A ‘zero trust’ approach is needed to tackle these challenges and keep sensitive data safe.
Here, no one is trusted by default, whether inside or outside the network. Verification is required from every user trying to gain access to each individual enterprise resource, with access rights to systems, networks, and data granted on a per-connection basis.
Security in the cloud — whose responsibility is it?
Another clear issue faced by many organizations continues to be shared responsibility for security in the cloud. According to the 2020 Oracle and KPMG Cloud Threat Report, while 96 percent of IT professionals were familiar with the cloud security shared responsibility model, only 8 percent fully understood the shared responsibility model for all types of cloud services.
Part of the challenge is due to today’s hybrid-multi-cloud world, where organizations work with multiple infrastructure and software cloud providers, each of which has its own version of the shared responsibility model. This can bring a lack of clarity on who is responsible for what, bringing with it a risk of misconfigurations, software vulnerabilities, human error, and process redundancy.
While cloud security is a shared responsibility, there are providers that take greater responsibility for the systems and data that run their customers’ operations as well as their own. Set a benchmark that demands security-first design principles. These should center on providing built-in security controls including isolated network virtualization and strict separation of duties, complemented by services delivering always-on encryption and continuous monitoring of user behavior.
In short, placing safety and security front and center when considering sustainable business is key to ensuring business longevity and building trust. This requires taking a holistic approach that brings together best practice in terms of tools and approach, in order to protect a company’s vital data assets.