Every year, Cybersecurity Awareness Month aims to raise awareness around the importance of digital security, seeking to empower businesses and consumers to improve their cyber resilience and continue to fight against external threats.
A significant focus has been placed on improving cybersecurity practices in recent years – with many attributing the kickstart to the pandemic, lockdown and the exponential rise in cyber attacks that were seen globally. However, despite this increased vigilance against external threats, the cybersecurity battle continues.
Security Buyer spoke to a range of industry experts to better understand where the threats still lie, and how they can be overcome.
Mathieu Chevalier, Principal Security Architect at Genetec
New research, conducted by Genetec, shows that cybersecurity remains a top concern for physical security professionals going into 2023.
Based on insights from over 3,700 physical security leaders from around the world, the report revealed that almost half (49%) of the organisations surveyed had activated an improved cybersecurity strategy this year, and more than a third of all respondents (36%) are looking to invest in cybersecurity-related tools to improve their physical security environment in the next 12 months.
When asked about the challenges faced when managing employee and visitor safety, more than half of the organisations selected cybersecurity as their main challenge. This was particularly evident for organisations with over 100,000 employees, with 62.3% of them indicating that cybersecurity was their top challenge, compared to 52.1% for companies with under 100,000 employees.
Of the many capabilities related to cybersecurity and data protection deployed by physical security teams in the last year, cyber-hardening of physical security hardware and access control management were the most popular, with 40% of respondents implementing new measures targeting those capabilities.
It’s reassuring to see physical security professionals prioritising their organisation’s cybersecurity posture. As the threat landscape continues to evolve, leading with a defence-in-depth strategy remains the best game plan that an organisation can have. Businesses will need to put in place cybersecurity best practices and choose technology partners who offer higher levels of automation to stay on top of potential threats. They will also need to scrutinise their entire supply chain and demand continuous verification, rather than just hardening networks and systems.
Rick Jones and Scott Goodwin, Co-Founders, DigitalXRAID
One area that has come up time and time again is proactive security and Security Operations Centre (SOC) services like threat intelligence. The importance of threat intelligence is underscored by the need for organisations to understand and gain visibility over the most severe threats facing their networks at any given time. Drawing on actionable insights from threat research and analysis, security teams are able to proactively defend against and detect attackers, limiting both the likelihood and severity of a breach.
However, many companies lack the resources and expertise to automate this data correlation and analysis process, which can be a huge drain on internal resources. This is why outsourcing a SOC is becoming increasingly popular, and enterprises with limited budgets and in-house expertise are turning to external SOC providers to monitor events inside and outside of a network 24/7/365.
IT teams often struggle to secure additional cybersecurity budget owing to a siloed department structure between themselves and senior management who make budgetary decisions, and find it challenging to quantify return on investment for security.
As the threat landscape becomes ever more dangerous, with phishing and ransomware threats continuing to rise, it is vital that technical security teams and senior management work together and communicate in one common language: risk. Using a risk-based approach when seeking buy-in from the board helps to highlight a business’s exposure and, importantly, quantifies the financial impact if this risk were to be exploited.
Ultimately, risk can never be removed entirely; there will always be new threats and vulnerabilities that can cause damage to a business. The aim is therefore to measure risk and reduce it to an acceptable level. And this can only be achieved by communicating to the board in a shared language they understand.
Rebecca Morpeth Spayne,
Editor, Security Portfolio