Setting cyber security priorities is essential for all organisations. Cybercrime across the world cost a total of $6 trillion in 2021, and is expected to hit a colossal $10.5 trillion by 2025¹. On top of that, around 68% of business leaders feel that their cyber security risks are still increasing.²
Given these facts, it’s not surprising that Gartner has forecast worldwide information security and risk spending to soon reach over $150 billion.³ While it’s good news that organisations are taking the threats posed by cybercrime seriously, simply increasing the resources they deploy to combat it isn’t enough.
Resources are finite for any organisation, and building a robust cyber security strategy requires understanding where and how resources should be prioritised, reviewed and optimised.
Due to the ever-evolving nature of threats organisations face, agility is crucial in cyber security and risk management. Organisations need to shift their postures to focus on specific elements of their strategies to ensure optimised security outcomes.
That’s why in this blog, we’re going to examine some of the specific cyber security priorities organisations should be looking at in 2022 and beyond. Let’s get started.
Suggested reading: If you want to learn more about the future of cyber security, check out our free eBook — Planning For The Future Of Cyber Security Today
One: Identifying New Threats
One reason an organisation’s cyber security strategy needs to be an ongoing journey rather than a destination is that new risks continue to emerge. Agility is critical to helping organisations overcome this.
Central to success is the ability to identify which threats need to be prioritised. Threat identification is all about organisations gaining an understanding of what their specific vulnerabilities are, thereby facilitating preemptive action that minimises the chances of a successful breach emerging from these areas.
New cyber security threats emerge every year, and 2022 has been no different. Some of the most significant threats that every organisation is potentially vulnerable to, and thereby should be aware of, include:
- Social engineering: While already an established tactic for cybercriminals, social engineering continues to evolve, with techniques like phishing attacks and email impersonation becoming more sophisticated. For example, cybercriminals are now taking advantage of real-life events and developments to look more realistic and appealing. This includes focusing on COVID-19 and cryptocurrency.⁴
- Cloud vulnerabilities: As more and more organisations move operations and processes to the cloud, it has become a much bigger target for cyber-attacks. It’s not surprising then that cloud security is the fastest-growing cyber security market segment, increasing 41% between 2020 and 2021 with no signs of slowing down.⁵
- The Internet of Things (IoT): With the continued popularity of smart devices amongst businesses and consumers, attacks on IoT devices have spiked in recent times. As a result, organisations across every industry need to start focusing on security for IoT devices to minimise the chances of a successful attack.
- Ransomware: The impact and volume of ransomware attacks have rocketed in recent years. Unfortunately, this is a trend that shows no sign of slowing down, with attacks becoming even more sophisticated.
- Ransomware-as-a-Service: This subscription-based ransomware model has made attacks easier for criminals by providing wider access to the tools required to carry out an attack. As such, the number of attempted breaches we see each year looks set to continue rising.
Given the rise of these and numerous other threats, organisations need to be able to identify the top cyber security challenges they face and put strategies in place that keep them protected from the consequences of a cyber-attack. This can take many forms; perhaps the most commonly known is penetration testing, a simulated cyber-attack on a system that looks to evaluate system security and thereby identify where cyber security efforts should be prioritised.
Two: Overcoming the Risks of Remote Working
While it’s not new, remote working has increased significantly in recent times, primarily due to the outbreak of COVID-19. However, post-pandemic, hybrid work patterns have become the new normal for organisations all over the world.
This trend has had some positive outcomes in the workplace. However, remote working cyber security threats have increased as hackers develop new methods of attack. As a result, in 2022, organisations need to find ways to overcome the security challenges posed by remote work, which include:
- Employees using personal devices without enhanced security features as they work from home, creating numerous entry points for hackers.
- Malicious actors having more opportunities to harvest confidential information as employees access corporate systems over unsecured networks.
- Workers sharing personal data, including sensitive client information, on a regular basis. Unencrypted file-sharing increases the chances of data being intercepted, which can result in fraud or damaging ransomware attacks.
Although most organisations have already had to adjust to remote working over the last two years, many are still struggling to combat the threats it can pose. As such, security teams must share remote working tips with their staff to ensure risks are mitigated as much as possible. This can include:
- Keeping equipment safe at all times
- Implementing antivirus, email security and web security
- Using strong passwords and changing them regularly
- Avoiding the use of public Wi-Fi whenever possible
- Using a secure, properly configured remote access method like a VPN
The implementation of these and other strategies cannot protect an organisation entirely from the threats that arise from remote work, but given that it is clearly here to stay, it is crucial that the challenges it represents become a priority for organisations moving forward.
Three: Focusing on Internal Training
Investing in in-house training should now be a key focus across industries, as it can function as a cost-effective method for increasing cyber resilience. This is particularly true within the context of more and more sophisticated phishing attacks.
The probability of an organisation falling victim to a social engineering attack decreases significantly when employees are given security awareness training that helps them identify the latest cybercrime trends and techniques.
However, it’s crucial to remember that security training cannot be confined only to IT staff. Employees across the entire organisation need to be given practical training that keeps them up to date with new modes of attack to minimise threats.
As such, organisations need to start making the implementation of training best practices a priority to enhance their security postures. This includes:
- Sharing password security best practices
- Making cyber security part of the onboarding processes
- Investing in training across the organisation
- Making training a continuous process by offering refreshers
The shift towards more remote working outlined above also increases the importance of cyber security training. With the threats posed by remote working, organisations must tailor training to remote workers to ensure compliance with essential security best practices.
Set Your Cyber Security Priorities and Stay Secure with Six Degrees
Understanding where resources need to be deployed and how is an essential element of building a comprehensive cyber security strategy. Unless an organisation can identify what their priorities should be and how to act on them, their security strategy is unlikely to be successful.
As a result, organisations must take the time to analyse their cyber security maturity and examine whether their allocation of resources needs to be adjusted to enhance security and digital resilience.
Here at Six Degrees, we can help you do just that. We’re committed to using our experience to deliver a range of on-demand services that mitigate cyber threats, improve incident response and ensure our clients make the most of their resources.
Our cyber maturity analysis considers the strengths, weaknesses and risks of an organisation’s setup, providing a foundation upon which you can build a comprehensive cyber security strategy that focuses on critical priorities and business continuity.
If you’re ready to set your cyber security priorities and identify whether you need to prioritise, review or optimise your resources, and start building an effective cyber security strategy, check out our Cyber Security Maturity Calculator today.