Digital technology has brought incredible opportunities to the business world – but it has also created unprecedented threats. Cybersecurity is perhaps the greatest risk facing businesses the world over. The threat landscape is constantly shifting, and staying one step ahead could be the difference between success and bankruptcy.
At Fujitsu, we are dedicated to understanding the changing face of cybersecurity across the world. Our dedicated Fujitsu Security Operations Centre (SOC) in the UK constantly analyses the latest developments in global cyber threats through real-world monitoring. Each year the Threat Predictions Report charts the ten greatest security risks to enterprises. The latest report for 2017 has revealed that European businesses are leaving themselves vulnerable to attack by failing to carry out simple – but vital – tasks.
It’s both surprising and worrying that the most significant threat is actually the easiest to remedy
Businesses are failing to keep up with the basic IT security processes, and leaving themselves open to easily avoidable breaches. Businesses are being too generous with system access privileges for their regular users – as well as failing to ensure that former users have their access rights revoked. As a result, companies are needlessly at risk of data loss, data theft and the external disruption of their systems.
This is a seriously worrying prospect. Cybersecurity is a business concern, not an IT issue; another recent report showed that one third of organizations that experienced a breach in 2016 lost more than 20% of their revenue as a result. With breaches hitting the bottom line, every business executive must take responsibility for their business’ cybersecurity – or risk becoming the latest high profile disaster.
Unfortunately, ignorance is not an excuse. Every C-suite officer must educate themselves on the vulnerabilities of the business and the steps being taken to mitigate them. The relationship between the leadership team and the IT department is crucial. The IT team must be equipped with the resources needed to monitor for and protect against threats, including the basics of maintaining basic security processes and access rights.
And when serious threats do occur, it’s vital that security teams are equipped with the capabilities and resources to respond quickly – and have the route to escalate the threat to the leadership team as needed. If this is not feasible, the business must provide a budget to source managed security services from technology experts, such as Fujitsu.
The C-suite must also stay aware of how cyber threats are evolving
Many businesses are currently realising the potential of the Internet of Things to enhance business processes or provide new services, and the truly smart city is on the horizon. However, as the Threat Predictions Report shows, many protocols designed for connected devices have their own vulnerabilities. Businesses must consider how they will keep themselves and their customers safe from hackers as these technologies take off. Addressing cybersecurity from the outset, such as during the product design phase, will help to protect devices throughout their lifecycle – read more on this here.
But the newest technologies are also providing us with powerful tools to combat cybercriminals. Our Security Operations Centre predicts that Artificial Intelligence will become a game-changer in enterprise security, acting as an early warning system for unusual web activity, for example. Executive officers should monitor these upcoming tools and be ready to apply them within the business as soon as possible, to stay ahead with their cyber defences.
However, today the fight against cybercrime can’t rest within the C-suite and IT department alone, particularly with the rise of both malicious and accidental insider threats. Every employee is at the front line of the business’ cyber-defences. To avoid breaches through human error, the leadership team should aim to create a culture of cybersecurity, by re-skilling employees to make them security experts and ensuring that the entire workforce has a grounding in best practice. Employees can also form part of the effort against potential malicious insider threats, if they are encouraged to report unusual behaviour or access requests. By giving every employee a stake in cybersecurity, organisations can help to reduce the risk of the most easily avoidable attacks.
We are living in an age of digital disruption, and to succeed the most ambitious companies must be visionary in how they use technology. However, businesses must equally face the threats that the digital world brings and ensure that they are working from a position of strength in their cybersecurity. Board members are well aware of the devastating consequences that a cyber-attack can have, and as a result they must take responsibility for preventing them. By staying aware of the latest developments and working proactively with the business, leaders can reduce their vulnerability and face the future with confidence.