Cybercriminals look to exploit any change in digital behavior to launch new phishing and cyberattacks. And with the increased digitization brought about by COVID-19, cybersecurity has become a top priority on the executive management agenda. But what is good security practice? And how do you build a well-prepared security response?
Almost half of the respondents (45 percent) in NNIT’s Expectation Barometer 2021 Survey believe that cybercrime is the company’s biggest short-term threat right now - and not without reason. The increased digitization that companies have undergone the past year has significantly upgraded the threat level, and companies need a fast security response that can safely navigate immediate hacker attacks and keep cybercriminals at bay.
According to Brian Troelsen, Head of Market Intelligence and Partnerships at NNIT, cybersecurity is clearly a business-critical area that has only become more pertinent for companies:
"Cybersecurity has come to the fore with the company’s top management and board. In recent years, it has become even more evident that cyberattacks can be devastating for companies and have ramifications far into the future, impacting both bottom line and reputation if the problem is not addressed in time," he says:
"This increases the expectation for companies to set up KPIs for security efforts and regularly form an overview of the current threat situation, reporting upwards to management. This can no longer just be an annual event. At least not if they want to react quickly when digital bandits plan their next hacker attack."
Focus on digital burglar alarms
Although a large proportion of respondents in the survey consider cybercrime to be the biggest threat in the short term, it is also one of the areas that they has worked the most to protect themselves against future threats. This year’s survey shows that 40 percent of respondents have strengthened their digital and/or physical security measures to increase their resilience.
According to Brian Troelsen, this is a consequence of COVID-19, which has made digitization an integrated part of more areas of our lives. Both when it comes to the way we work and the goods and services we use:
"During the past year, many employees have been working from home on insecure internet connections while dividing their attention between home-schooled children and cryptic emails. Cybercriminals are cunning, and they exploit any change in behavior to create new entry points and launch new phishing attacks to trick innocent employees," he continues,
"We can also see that criminals have increasingly shifted their attention to digital platforms, as it has, for a long time now, not been possible to rob physical stores. This means that, as a company, you can no longer just settle for protecting yourself against theft at your physical business premises. It is at least as important to ramp up on digital burglar alarms in the form of a stable security setup that actively counteracts any potentially lurking threats."
Automate your lines of defense
However, protecting yourself against cyberattacks does not come free of charge. It requires dedicated resources that specialize in analyzing a large amount of data collection points and resources that can distinguish between white noise and actual threats.
This year’s Expectation Barometer Survey shows that almost one in three respondents (32 percent) indicate that cybersecurity specialists are among the most sought-after IT profiles right now.
"This does not come as a surprise. However, we can see that many companies would rather spend the salaries of five employees on maintaining a high level of security than those of 20 to maintain an appropriate level of security. But having such a low number of cybersecurity specialists employed can make them difficult to retain, as they do not get to be part of the specialist community that keeps them motivated," Brian Troelsen explains.
He believes that there are major gains to be made by replacing some of the human resources with AI-based automation tools:
"Among other things, you can use artificial intelligence that identifies unusual patterns and abnormal activity in real-time. Such technology improves response time, streamlines workflows, and reduces the money that would otherwise have to be used on specialized personnel."
Do not underinvest in IT security
This year’s Expectation Barometer Survey shows that more than one in three respondents (37 percent) expect their IT budget to increase as a result of COVID-19, while just over half (53 percent) do not expect their IT budget to change.
"Even if the IT budget does not change, there is a clear trend indicating that the percentage spent on IT security is expected to increase in the coming years. With regards to identity and access management, training of employees, ongoing security reviews, and ongoing monitoring and handling," he elaborates:
"You can run as many successful projects as you would like. But if you are not on top of your security, it will ultimately be what brings you down. It is therefore important not to underinvest in IT security. Consider the whole chain: Where are the weak links? Is it employees, customer interactions, your business partners, legacy solutions in your IT infrastructure, or something else entirely?
Ebbe B. Petersen, Cyber Security Director’s top three tips for a well-prepared security response
Finally, Ebbe B. Petersen highlights his top three tips for how, as a company, you can build a well-prepared security response equipped to handle the next crisis:
- Train your employees regularly: Most security breaches are caused by human error. By training your employees in applicable security procedures, they become an integral part of the work culture and share the responsibility of protecting the company from IT threats.
- Get an impartial security review: By nature, the world is difficult to predict, and security threats are constantly changing. In order to be well-prepared for unknown threats, it is a good idea to invest in ongoing security reviews where you have an impartial third party closely examine both your own and your suppliers’ security setup.
- Have the documentation in order: Increased focus on GDPR and data privacy in recent years has prompted significant interest in how companies store and use people’s data. Therefore, it is important to have the documentation to account for the data you collect, who you share it with, and what you use it for. It is not just about good data ethics. It is also good security practice, as you become aware of the data sources that might reveal potential threats.
How far have you come in your digital journey towards digital resilience?
You can still participate in NNIT’s Expectation Barometer 2021 Survey. By taking the test, you get a digital resilience score and the opportunity to benchmark yourself against nine digital leaders from some of Denmark’s largest companies. Take the test here.