Latest News

Cybersecurity, complacency and the need for vigilance: A new IT challenge for 2022

Last year, many industries increased the strength of their cybersecurity armouries, adjusting to the new threats that sprang from remote working. During a year of major cyberattacks, business leaders responded and many were able to successfully protect their businesses.

Yet, in 2022, we must all stay vigilant. It’s easy to fall into a false sense of security and assume that you’ve done enough. This approach could trigger another wave of security breaches, rippling across multiple sectors and catapulting the corporate world back into a state of anxiety.

The cycle will not be broken until every employee feels a sense of personal responsibility to follow security best practises.

In this article, Lewis Huynh, Chief Security Officer, NinjaOne, looks at why now, more than ever, cybersecurity needs to be a focus as we progress through 2022.

 

Make cybersecurity a top priority

Business leaders are pushing to engender a culture of digital security ownership. While many of us recognise the need for protection and vigilance, there are those that just aren’t sure what good security looks like, never mind how to attain it. This is why strong leadership is so essential as we move through 2022.

If there’s one positive the pandemic has created for business, it’s been the acceleration of digital transformation. Yet this has come with its challenges too. Proliferating devices, new user behaviours and an escalation of learning requirements have all come together to create a perfect storm.

In the midst of these challenges, the media has promoted the success of organisations across all sectors, and for the most part that’s true. But we’ve also witnessed hackers iterating through security vulnerabilities with lightning speed, to the point where IT and security teams are pushed to their limits.

However, many leaders have seen their security teams succeed against these attacks. They may be viewing this as a big win, and a reason to start spending less, but that has dire consequences.

As organisations work to find the right balance, criminals are waiting for the next opportunity to arise. We could see more large-scale attacks across the industry, undoubtedly triggering another cycle of concern, awareness, and hyper-vigilance that then evolves once more into a false sense of security.

 

Education is the key to cybersecurity protection

Business leaders need a cybersecurity starting point. And when it comes to investing in security, the focus should be on your people.

Whether it’s organisational security or personal security, the weakest link is always your wider workforce. And because social engineering tactics have become increasingly sophisticated, with personal information spread across social media and every place we’ve visited online, the threat is widespread.

This proliferation of non-approved productivity and messaging apps has led not only to phishing attacks, but also to targeted spear phishing campaigns. Not only can this result in identity theft, but also the theft of trusted access credentials, and proprietary intellectual property.

We, as the users, now become the keys for criminals hoping to gain access to an organisation. Fortunately, we are also the best defence any organisation can have when leaders implement strategies that build a culture of security ownership.

Leaders need to build, promote and socialise a culture of security ownership, but this takes time and effort. Yet there are quick wins to be had. Practical steps such as end-user security training, internal phishing campaigns with rewards and incentives, and having open and frank conversations will all go a long way to building a culture of cyber safety.

Mix in the controls and processes of well-regarded security frameworks, along with unified endpoint management and security tools on user systems, and leaders will begin to extend the reach and capabilities of their dedicated security teams.

 

Assuming you’re safe is not an option

If last year revealed anything, it’s that cybercriminals aren’t slowing down. They are using employees as a gateway to infiltrate businesses, and they are ramping up their game. While organisations have made headway in improving their IT and security systems, leaders should never assume they’re doing enough.

From the work carried out on NinjaOne’s report on shadow IT, we know that many employees will break the rules when given the opportunity. Many cite reasons such as policies being too strict and impacting productivity, or simply that the security team is too slow in reviewing new tools. This risky behaviour is hard to correct, which is precisely why a culture of security ownership is so important.

When employees understand the importance of their own actions, organisations can begin to overcome these cybersecurity challenges. Additional investments, like engaging in regular penetration testing, investing in the tools and protocols needed to meet cybersecurity framework standards, and frequent security training can all elevate an organisation’s security standing.

Don’t be tempted to lower your security investment. It’s time to consult with IT managers or managed service providers (MSPs) to understand how you can best protect yourself while keeping your organisation performing at optimal levels. Because once security is compromised and a breach occurs, there’s no going back.