Safety first: level up fast in cybersecurity to protect your organization

No business is immune to cyberattacks, making cybersecurity a key focus area for senior executives, including CISOs. According to NTT Security Holdings’ 2023 Global Threat Intelligence Report, technology, education, manufacturing, the public sector and transportation and distribution are now the five sectors most often coming under attack.

In the US alone, the value of cybercrime reported to the Internet Crime Complaint Center was USD 10.3 billion, up sharply from USD 6.9 billion the year before.

According to the World Economic Forum, the average annual global cost of cybercrime is expected to increase from USD 8.4 trillion in 2022 to more than USD 23 trillion in 2027, while the Asia Pacific region is experiencing a huge increase in cyberattacks compared with other global regions.

Similarly, the Singapore Cyber Emergency Response Team dealt with 8,500 phishing attempts in 2022 – more than double the 3,100 cases they handled in 2021 – while the Australian government’s wide-ranging Cybercrime in Australia 2023 report says cybercrime kept rising in recent years, with more than 76,000 incidents reported to ReportCyber in 2021–22 (up 13% from the previous year) and the combined losses of reported scams reaching at least AUD 3.1 billion in 2022, a substantial increase from 2021.

But even industries with high levels of cybermaturity, such as financial services, remain targets because of the prized data they hold.

In these circumstances, trusted cybersecurity consulting expertise can be a major asset to CISOs, providing them with deep insights into threats as well as helping to secure adequate sponsorship from the business.

• ALSO READ → Latest thinking: Creating stronger cybersecurity maturity

Adding a secure-by-design lining to digital transformation

The rapid digital transformation of industries has made it hard for security controls to keep up. NTT’s 2022–23 Global Network Report shows that 87% of top-performing organizations are investing in their cybersecurity capabilities. A key focus in this area is the move from perimeter-based security to zero trust security.

Migrating workloads to the cloud creates immense business benefits, from increasing agility and flexibility to speeding up innovation. But the new environment is dynamic, highly distributed and potentially vulnerable by design. As a result, attackers are targeting application layers at unprecedented levels.

Similarly, network modernization has increased the number of systems and entities linked together. While this boosts productivity and efficiency, it also risks increasing the number of security incidents if security wasn’t part of the initial design phase.

It makes sense, therefore, that 88% of IT leaders would prefer to outsource their end-to-end network to a single strategic partner (2022–23 Global Network Report) with the knowledge and experience to view security holistically across the entire ecosystem.

Covering the range of skills needed to keep up with cybersecurity

To keep up with the effects of rapid modernization and constant cyberattacks, organizations need to know their current state before designing, operating and managing systems and processes. This requires skills across a multitude of areas, including the network, cloud, operational technology (OT), IoT and applications.

This talent is in short supply, so to achieve an acceptable level of cyber resilience, many CISOs are bringing in outside expertise to complement their own teams and strengthen their security posture across the enterprise.

Gaining insight into vulnerabilities

According to the 2023 Unit 42 Ransomware and Extortion Report by Palo Alto Networks, at least 75% of ransomware attacks and breaches fielded by their response team resulted from attack surface exposures, up from 40% the year before. And, by late 2022, 70% of ransomware cases included data theft, up from roughly 40% in mid-2021.

In an ideal world, it would be possible to invest in all aspects of security to protect your data and systems. In the real world, however, budget, resources and business constraints make this impractical. A more efficient approach is to proactively evaluate your organization against attack trends and protect the most vulnerable areas first. Thinking like an adversary enables you to identify vulnerabilities, manage threats effectively and prioritize security investments.

Working with a trusted external security partner can deepen your understanding and keep you up to date on the latest attack trends and security measures. How they can assist you depends on their area of expertise, whether it be the network, cloud, edge or data centers.

If your partner is multitalented and vendor-neutral, they can guide you to secure your environment from multiple angles. It is essential that you choose a partner like NTT that can help you with an end-to-end proposition while delivering tangible business outcomes to better manage your cyber risk.

Meeting regulatory requirements and complying with legislation

The wider your network spreads, the more hoops you have to jump through to comply with regulations in each region, country and industry. Checking that your organization’s IT environment fits in neatly with regulatory frameworks is an essential element in determining your as-is organizational state and planning how to progress to your to-be state.

As organizations face the challenge of identifying, measuring and mitigating cybersecurity risks, experts can provide guidance on how best to achieve their objectives pragmatically while staying compliant with regulations and frameworks.

According to the 2022–23 Global Network Report, 93% of organizations say that the convergence of security and networking is their most prominent focus in terms of the changing characteristics of networks, while 95% are investing in their cybersecurity capabilities, 91% plan to move to identity-based security and 93% believe new threats will drive increased security demands.

So, it’s clear the global trend of using security consulting services will continue and grow significantly as organizations that want to implement effective incident response plans need to build a solid understanding of what it takes to prevent an incident from happening in the first place.