Tech-stacked world: How inaction creates fragile defences

Ransomware activity alone was up 50% year-on-year during the first half of 2023. We have seen a relentless rise in the number and sophistication of cyber threats, with ransomware incidents reporting a 13% increase and phishing incidents more than doubling in 2022. Yet, a recent survey found that 59% of businesses and 56% of non-profits reported a lack of knowledge or experience to implement effective cybersecurity measures.

This highlights a critical disconnect between the evolving cyberthreat landscape and the preparedness of organisations. Amid such dismal statistics, are organisations ready to accept a future where cyber breaches are an accepted norm in their daily operations?

The potential impact of a cyberattack has also become exponentially severe, spilling over from the digital realm into the physical. In November last year, Singapore suffered a cyberattack-induced outage that severely impacted public hospitals and polyclinics. This serves as a reminder of the significant repercussions on patient care, administrative tasks, and overall operations that such disruptions can cause.

With more critical infrastructure now housed in the digital realm, cyberattacks have the potential to seriously impede the lives of everyday people. For instance, if bad actors were to successfully attack a nation’s energy grid or public transport, the effects could be devastating to its population.

Get your cyber resilience shots in quick

In an era defined by pervasive digital connectivity and ever-evolving threats, not building cyber resilience is akin to not getting your vaccination shots for modern-day enterprises.

Many Chief Information Security Officers are shifting their focus toward more evasive and evolving attacks, such as ransomware and advanced persistent threats. These complex threats often go undetected by traditional cybersecurity tools, and even when detected, it is often too late as the damage is already done.

Taking heed on a national level

Due to the crippling effects a cyberattack can have on a nation, governments and regulatory bodies are also working to develop guidelines and standards which encourage organisations to embrace cyber resilience.

For instance, the recently proposed amendment to Singapore’s Cybersecurity Act is a significant step towards increasing the coverage of cybersecurity laws in the country. By including cloud data centre operators in the regulatory framework, the government is acknowledging the growing importance of securing data in the digital age.

The amendment also emphasises the need for robust cybersecurity measures, as a majority of organisations in Singapore have experienced cyber incidents. By bringing cloud data centre operators under the regulatory umbrella, Singapore aims to enhance cybersecurity and protect against potential threats in its evolving digital landscape.

Taking a look to the West, the United States’ NIST Cybersecurity framework 2.0 presents six core functions designed to organise cybersecurity outcomes at their highest level:

1. Govern: Establish, communicate, and monitor cybersecurity strategy, expectations, and policy, including assessment and continuous oversight.
2. Identify: Understand and document cybersecurity risks, processes, assets, software, data, threats, and weaknesses for protection.
3. Protect: Manage cybersecurity risks with safeguards: control user access, provide training, use endpoint security, and encrypt data.
4. Detect: Detect, analyse, and respond to cybersecurity threats promptly, involving staff and tools for effective mitigation.
5. Respond: Take swift action following a cybersecurity incident. Execute the response plan, analyse the incident, determine the root cause, prioritise actions, contain the damage, eliminate the threat, and collect data for future planning.
6. Recover: Restore affected assets and operations, assign recovery responsibilities, verify systems, communicate with stakeholders, and document lessons learned.

In an era dominated by the rapid rise of cybersecurity solutions and ongoing discussions about existing frameworks, organisations often deploy numerous cybersecurity tools, averaging 100 globally.

Take a step back, simplify things

This abundance of tools can complicate security infrastructure, making it harder to effectively resolve issues.

In this tech-driven landscape, it’s time to adopt a perspective that looks beyond adding more tech solutions. Instead of continuing the cycle of technological proliferation, a truly holistic cybersecurity strategy should focus on simplifying technology.

By reducing operational complexity and ensuring robust security measures, businesses can better safeguard their data and customer interactions. Organisations should consider partnering with experts to navigate the complexities of cybersecurity risk management.

As with all digital transformation projects, it will take time to implement the necessary policies and technologies to build up your organisation’s cyber resilience and foster a cyber resilience culture from within.

However, it’s crucial to start today – start having conversations with your IT team and seek out partners experienced in fostering cyber resilience within organisations.

This edition of the ConnectED Thread is an article by Vaibhav Dutta, originally published by the Frontier Enterprise. You can read it here.

Visit our Cyber Security solution page to learn more about how we can partner with you to secure your digital assets effectively.