Security Boulevard (Original)

Cybersecurity and Operational Resilience in 2022

2021 was a record year for headline-making cyberattacks. A Chicago-based insurance firm, CNA Financial, paid a $40 million ransom to recover their data; not to mention the attack on Kaseya in which the hackers successfully penetrated the defenses of the widely used software and distributed the malicious files through standard update channels. 

The probability of a cyberattack affecting your business is no longer a case of ‘Will it happen?’ but a case of ‘When will it happen?’ To ensure preparedness, organizations must have robustly developed, planned and tested risk and resilience frameworks in place. In the risk climate of today there is no room for mistakes. One slip-up can be detrimental to a business. Organizations must adopt a holistic approach to resilience and be proactive in making all business decisions with operational resilience in mind.

As we reflect on the past year, it raises the question: How can businesses take advantage of cybersecurity to build customer trust in 2022?

Greater Focus on Cybersecurity Programs

The effects of a cyberattack can be devastating leaving services inoperable. Businesses can experience severe financial loss and could leave some customers uninsurable due to poor cybersecurity hygiene. In 2022, businesses will face a greater expectation of accountability in minimizing risk as underwriters are more aware of what kind of risk controls make effective cybersecurity programs. 

They will need to provide evidence to the cyberinsurance provider that they have robust and structured processes and policies in place to prevent a breach as much as possible. To ensure businesses are secure, there are several options for business leaders: They can consider integrating AI, machine and deep learning systems to protect their systems further. It is no secret that humans are the weakest link in the data security chain. AI has increasingly become a critical technology for filtering out false positive alerts, analyzing user behavior and examining the massive amount of business data to discover anomalies. Further, business leaders should consider implementing zero-trust access as a secure option to control remote access to specific applications and network resources. The zero-trust security model assumes that a breach has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.

Organizations are spending more than ever on cybersecurity. The increase in adoption of next-generation firewalls or firewall-as-a-service (FWaaS) has helped fortify the digital perimeter and has forced hackers to alter their attack methods. The bad actors are finding it much easier to infiltrate networks through phishing attacks, for example. The FBI reported a 110% increase in phishing attacks in 2020 compared to a year before. Phishing will likely remain a significant threat throughout 2022.

The truth is that most sophisticated anti-phishing tools are not 100% effective. A considerable number of phishing emails always manage to pass through the checkpoints. More needs to be done to fight this type of attack. Annual security awareness training and periodic phishing campaigns are no longer enough. Creating a security-focused culture, frequent interactive cybersecurity exercises and games, security ambassador programs, lunch-and-learn events, etc., helps spread awareness. Additionally, it is essential that employees feel comfortable reaching out to the information security teams for any anomaly they have noticed without feeling embarrassed if the alert turns out to be a false positive.

Robust cybersecurity requires a full understanding of where your organization currently stands and a thorough understanding of the risk landscape you are facing. Once you understand where you currently stand, decisions can be made to ensure your organization is protected and resilient.

Harness Operational Resilience to Build Trust

Trust is an invaluable brand asset in business. Especially during a crisis, businesses must ensure they keep their promises to customers. There is never a good excuse for breaking promises when it comes to building customer trust. Whether a devastating cyberattack or natural disaster, how leaders respond to crises can build or break a business. The multiple global disruptions we have seen recently should make business leaders realize they must futureproof their business to maintain their reputation. 

To achieve that level of trust, comprehensive operational resilience must be implemented to withstand multiple crises. Trust and operational resilience go hand-in-hand. The best way for a business to react is to be better prepared. Preparedness means businesses need to model and simulate their business to identify the vulnerabilities and implement adequate mitigations.

Ongoing cyberintrusions pose an ever-greater threat to businesses and their customer relationships. Agility is the key to successful businesses today, and leaders must treat it as such. Robust operational resilience will foster trust between employees, customers and partners and ensure the business can quickly and proactively manage and respond to a crisis.

Operational Resilience is a Top Priority in 2022

2021 proved the cybersecurity risk landscape is changing fast. Cybercriminals try to stay one step ahead of vulnerabilities and trends in business to capitalize on the shortfalls of business cybersecurity protocols. Implementing the proper cybersecurity protections for your business now is more important than ever to ensure your business is ready for when the next disruption hits. 

In turn, your business will see a return on its investment from investing in adequate cybersecurity protections.

The ability to deliver on your brand promise despite the disruptions affecting your competitors will set you apart as a market leader. The trends we have seen take over the cybersecurity industry in 2021 do not appear to have an end in sight. The time is now to protect yourself and ensure operational resilience is a top priority in 2022.

Safi Raza

Safi Raza, who has more than 15 years’ experience in information security, is Director of Cybersecurity at Fusion Risk Management.  Prior to joining Fusion, Safi spent 14 years at Rosenthal Collins Group, where he spent eight years in training and six years in information security.  Safi was responsible for overseeing the e-Trading Services Department where he helped introduce, adapt and support new and improved trading technologies.

Recent Posts

USENIX Security ’23 – Log: It’s Big, It’s Heavy, It’s Filled with Personal Data! Measuring the Logging of Sensitive Information in the Android Ecosystem

Authors/Presenters: Allan Lyons, Julien Gamba, Austin Shawaga, Joel Reardon, Juan Tapiador, Serge Egelman, Narseo Vallina-Rodriguez Many thanks to USENIX for…

13 hours ago

A Deep Dive into the 2024 Prudential and LoanDepot Breaches

The post A Deep Dive into the 2024 Prudential and LoanDepot Breaches appeared first on Votiro.

1 day ago

SafeBreach Coverage for AA24-060A (Phobos Ransomware) and AA24-060B (Ivanti Connect Secure)

CISA issued two separate advisories related to malicious behavior exhibited by threat actors. AA24-060A pertains to Phobos Ransomware and AA24-060B…

1 day ago

Response to CISA Advisory (AA24-060A): #StopRansomware: Phobos Ransomware

AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA24-060A) which disseminates known Tactics,…

1 day ago

USENIX Security ’23 – Vivek Nair, Dawn Song – Multi-Factor Key Derivation Function (MFKDF) for Fast, Flexible, Secure, & Practical Key Management

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open…

1 day ago

What Does The Mother of All Breaches (MOAB) Mean for Organizations?

What does the colossal data leak, the Mother of All Breaches (MOAB), mean for businesses around the globe? Recently, we…

1 day ago