The move to remote or hybrid working environments presented cybercriminals with opportunities to exploit new vulnerabilities. In addition, the rapid shift to new working models has introduced new complexities that impacted organisations’ security strategies. This pushed businesses of all shapes and sizes to ramp up their cybersecurity investments. Earlier in the year, a Gartner forecast revealed that global security and risk management spending would exceed $150 billion in 2021, a 12.4 percent increase from the year before.
However, despite increasing investments in cybersecurity, many IT and security leaders still lack confidence in their capabilities to defend their respective companies. In fact, a recent industry study revealed that 80% of senior IT and security leaders believe their organisations lack sufficient protection against cyber-attacks even after spending more on cybersecurity solutions.
“This is driven by a number of different factors,” said Hadi Hosn, CEO, Axon Technologies, a UAE-headquartered cybersecurity services company. “The threat landscape is constantly changing. It’s never stable or stale. A security solution that was set in place in 2020 may no longer be enough to protect your organisation today. IT and security leaders need to constantly update their security strategies to cope with the changing environments and address the evolving threats.”
According to Hosn, the events from the previous year have exacerbated the security challenges and concerns that many businesses face. Organisations were forced to undergo digitalisation in such haste that many have left cybersecurity as an afterthought. “This resulted in businesses needing to deal with a lot of complexities including distributed cloud infrastructure, misconfigured systems and solutions, and lack of visibility and control,” he explained.
Investing in new tech is not enough
Despite having multiple layers of security, organisations are still at a high risk of falling victims to cyber-attacks due to their workforces’ lack of cybersecurity awareness. Human error has been responsible for 95% of cybersecurity breaches, a recent industry study revealed. “At the end of the day, humans remain as the weakest links in combating cybercrime. The smallest wrong action – clicking on a link, opening an email or downloading a software – can cause significant disruptions to any business. Even if you have all the budget in the world focused on buying the latest security tools, if you don’t invest in increasing awareness and educating your workforce, you still run the risk of being breached,” said Hosn.
Changing security priorities
In 2021, as organisations across the globe adjust to the new way of working, many have embraced hybrid models and have rolled out plans to make such environments more permanent. This has transformed the way enterprises prioritised their security investments. Historically, security strategies and solutions have been geared towards protecting enterprise perimeters through firewalls. Today, with networks and endpoints distributed across multiple environments, organisations have shifted their focus to data- and identity-first security strategies.
“With the rise of hybrid environments and with employees situated across different locations, we’re seeing organisations adopt security frameworks that leverage cloud-first strategies,” said Hosn. “This allows them to have security controls that are available in their cloud environments. For example, hyperscalers such as Microsoft and Amazon Web Services (AWS) offer innovations with great sets of cloud security technologies. Organisations are looking for cloud-first solutions that are focused on protecting the data, the network or the data being transferred. They also require solutions that ensure that the right governance framework is in place.”
Hosn further explained that more and more organisations are also implementing Zero Trust frameworks. A zero trust framework is not about a single product or solution, instead, it’s a strategy that takes people, skills, processes and technologies into account. It is built around the concept of ‘never trust, always verify’ and ‘assuming breach.’
“We recommend organisations look at these frameworks with a holistic view across both hybrid and on-prem environments. If they can build a strategy that incorporates the concepts of cloud-first, zero trust and industry standards such as the National Institute of Standards and Technology (NIST) cybersecurity frameworks, that could be a great starting point in navigating the hybrid world,” said Hosn.
Finding a trusted advisor
With numerous security solutions and frameworks available, finding the right one for your organisation can be a daunting task. It can be difficult to figure out where to begin when creating a security roadmap, this is where a trusted advisor can make a difference. A trusted advisor can take into account the full picture, aligning both the technologies and the processes that underpin the cybersecurity programme.
“Our vision is to be the strategic digital security advisor to our clients, helping them succeed in their digital transformation journeys as they navigate the changing landscape,” said Hosn. “Axon Technologies delivers over 30 different services within the cybersecurity ecosystem. We cater to a wide range of critical infrastructure industries including financial services, government, oil and gas and healthcare among others.”
Hosn highlighted that Axon Technologies helps protect its customers through its three key pillars. Firstly, it supports its clients to attain strategic readiness by providing them with the right controls, processes, people and governance. This ensures that they are well-prepared before a security incident happens. The second pillar is focused on technical assurance. The company helps assure its clients, regulators and third parties that they have the right security architecture in place by conducting due diligence such as technical systems testing, optimising security tools and evaluating staff. Lastly, the third pillar is centred on operations, where Axon Technologies become an extension of the clients’ teams and run security operations on their behalf.
“We pride ourselves with our people,” said Hosn. “Our team is comprised of subject matter experts across a variety of cybersecurity domains. We are also technology-agnostic. This means we don’t always pitch a single product or technology to a customer. Instead, we take a step back and look at the different risks to a specific organisation, ensuring that we provide them with the right people, process and technology that best fit their needs. Moreover, we also leverage a threat and automation-based approach to assess our customers’ needs. We apply several levels of automation to the security programmes we provide and keep them to date to align with the evolving threats.”
Looking ahead
Cybersecurity incidents such as ransomware, phishing attacks and data leaks are not going away soon and more cases can be expected in the coming year. To stay protected and ahead of threat actors, organisations need to recognise that in an ever-expanding threat landscape, purchasing the latest security product or technology is not the sole solution.
“While the technology is certainly an important component, it needs to be combined with the flexibility, adaptability and the experience of humans. There is currently a big concern in the cybersecurity industry today when it comes to the shortage of talents within enterprises. But there are organisations such as Axon Technologies that can help them address this gap,” said Hosn.
As for Axon Technologies, Hosn noted that the company will continue to invest in its Cyber Institute to help educate customers and their teams to handle their growing cybersecurity requirements. “We need to step away from thinking that technology is the fix for cybersecurity. Instead, it takes the combination of people with the right experiences and capabilities supported by technology to effectively navigate the evolving threat landscape.”
