Security gaps leaving businesses wide open
By Pete Murray, Managing Director ANZ, Veritas Technologies
Tuesday, 17 May, 2022
The pandemic has served as a catalyst for change in just about every aspect of life, but none more so than for businesses that have had to fast-track their digital transformation and shift to hybrid working models in a matter of weeks. With the Australian Cyber Security Council (ACSC) recently reporting a 13% increase in cybercrimes, a new headache is coming to fruition for IT leaders in ensuring their security systems can keep pace in protecting each new technology infrastructure.
This vulnerability lag, where gaps exist in an organisation’s technology strategy, means it’s only so long until more businesses become part of the statistic and compromise their most important asset: data.
The vulnerability lag
With COVID-19 came the need to rapidly implement new systems that supported evolving business practices such as remote working, contactless operations and providing consumers with practically ‘online everything’.
In fact, recent research from Veritas found that 88% of Australian organisations implemented new cloud capabilities or expanded their cloud infrastructure to support such new norms brought on by the pandemic.
In the rush to adapt and continue operations, functionality and fast delivery were often prioritised over security. The question is, with a flash of new innovations being introduced, when will IT leaders put priority on the protection capabilities that must follow?
Unfortunately, when it comes to protecting their IT environment, too many organisations are now lagging behind where they need to be. A staggering 63% of respondents surveyed confirmed they have recognised gaps in their protection strategy, while just only 53% could state the exact number of cloud services their organisation uses.
All too often, the need (and also desire) to innovate at speed throws the required balance for robust security out of kilter. This intervening period creates an alluring window of opportunity for cybercriminals, where an organisation’s systems and data are left wide open to attack.
But just how vulnerable are businesses as a result of this lag? And what are the implications for businesses if they fail to take action to reduce the gap?
Giving criminals the key
If you think of all the information saved within the folders and servers of your own work computer, it is evident that businesses have largely turned to digital or the cloud when it comes to data storage.
From confidential client contracts, sensitive company documents and even highly personal data, valuable business information is becoming increasingly fragmented across various technology models.
As cybercriminals become more diligent and strategic, a significant risk will continue to exist while protection environments do not align with the technology capabilities in place. This compromises the top priority that reigns over the industry: data privacy.
Think of it this way: you wouldn’t give a robber the key to the bank or a hacker the password to your systems, so why would you leave gaps in your security solutions? Security risks of this kind can lead to a host of damaging problems for businesses such as ransomware, compliance failures and unplanned downtime.
On average, Australian organisations have experienced about 9 hours of unplanned IT downtime over the past 12 months, and 88% have experienced unplanned IT downtime of any length of time. On top of this, Australian businesses, on average, have also been the victims of 3.68 ransomware attacks that caused disruption to their business — considerably higher than the global average of 2.57.
This goes to show that no business is immune from hackers and Australian enterprises must realise the importance of urgently addressing their vulnerability lags. Not only do ransomware attacks and downtime put pressure on IT leaders in getting the business back up and running quickly, it can also be very costly for businesses in terms of lost productivity, reputational damage and potential loss of data.
So, what strategies can organisations implement to shorten their vulnerability lag?
Rethinking security in the hybrid age
At the start of the pandemic, Australian businesses were right to prioritise the immediate task of empowering the shift to remote working. However, the time has come to address the security imbalances, to find concrete solutions that plug these vulnerabilities and regenerate operational security.
Our research revealed almost 90% of local IT leaders said it will take at least two years to close the gaps in their technology strategy as a result of COVID-led digital and cloud initiatives.
On average, organisations would need to spend US$2.3 million and hire 27 full-time staff in order to close the gaps in their technology strategy within the next 12 months.
However, there are ways for businesses to manage these obstacles by being smart in their implementation of protection infrastructures.
In order for organisations to protect themselves against vulnerability to data threats, their operational and protective environments must evolve in parallel: with every new application or system introduced into the organisation’s technology stack, new tools must be implemented to protect them.
A few simple measures could include:
- Simplification by selecting a single data protection platform that can operate across the entire data estate. Not only does this reduce the management burden, but it also provides automation and protection alongside maximum visibility.
- Adopting modern data-protection tools, such as artificial intelligence (AI) or machine learning (ML), that reduce the need for additional staff members and minimise the risk of human error.
- While it is important for your business to be secure, it is also important that your business is resilient. Work with a trusted partner that can protect all manner of workloads across any storage infrastructure and applications, to strengthen your ability to backup and, crucially, recovery your precious data in the instance of a cyber attack.
In the current pandemic, cybercriminals did what they do best and took advantage of the difficult situation impacting all organisations, and they are continuing to cause disruption as businesses attempt to recover.
With cybersecurity breaches not slowing down anytime soon, businesses face an uphill battle in ensuring they are effectively and securely managing their data. Now, it is imperative that IT departments double down their efforts to eliminate any vulnerability lags that exist due to pandemic-led innovations — for the price to pay is far too great to be ignored.
A new report released by Rapid7 investigates the double extortion trend pioneered by the Maze...
With cyber attacks expected to increase over the financial new year period, Chris Gibbs of Akamai...
The transition to hybrid or fully remote work has delivered new aspects in the security equation...