The cybersecurity breaches of 2020 were a reminder to organisations around the world of the heightened importance of cybersecurity, which is a board-level issue now for many firms. According to the World Economic Forum’s Global Risks Report 2021, cyber risks continue ranking among global risks. The COVID-19 pandemic has accelerated technological adoption, yet exposed cyber vulnerabilities and unpreparedness, while at the same time exacerbated the tech inequalities within and between societies.
In 2021, it is critical to elevate cybersecurity as a strategic business issue and develop more partnerships between industries, business leaders, regulators and policymakers. Just like any other strategic societal challenge, cybersecurity cannot be addressed in silos.
Here is a list of five main cybersecurity challenges to consider and tackle in 2021.
Complex challenges
Digitalisation impacts all aspects of our lives and industries. There’s rapid adoption of machine learning and artificial intelligence tools, as well as an increasing dependency on software, hardware and cloud infrastructure.
The complexity of digitalisation means that organisations are fighting different battles — the wave of ransomware attacks to the pervasive impact of a compromised provider of widely-adopted network management systems.
The blurring line between digital and physical domains indicates that organisations will only be secure if they incorporate cybersecurity features, principles and frameworks, which is necessary for all organisations, especially those with high-value assets. In today’s battles, organisations have to adapt to fight against attackers that are silent, distributed, varied and technically savvy.
Fragmented and complex regulations
Organisations, meanwhile, must navigate both a growing number and increasingly complex system of regulations and rules, such as the General Data Protection Regulation, and many others worldwide.
Privacy and data protection regulations are necessary, but can also create fragmented, and sometimes conflicting, priorities and costs for companies that can weaken defence mechanisms. Within organisations’ budgetary boundaries, companies have to defend and protect against attacks while they also seek to comply with complex regulations.
Multiple policies add complexity for businesses that need to comply with all regulations, and this complexity introduces its challenges to cybersecurity and data protection, not always improving them. Policies must be creative in increasing protection while decreasing regulatory complexity. Cooperation among different policymakers is critical.
Also Read: Winning Cybersecurity Like a Gamer
Dependence on other parties
Organisations operate in an ecosystem that is likely more extensive and less certain than many may recognise. Connected devices are expected to reach 27 billion this year globally, driven by trends such as the rise of 5G, the IoT and smart systems. In addition, the boom in remote work that began with the pandemic is expected to continue for many. The concentration of a few technology providers globally provides many entry points for cybercriminals throughout the digital supply chain.
The ecosystem is only as strong as its weakest link. The recent attacks against FireEye and SolarWinds highlight the sensitivity of supply chain issues and dependence on providers of IT functionality and services. Organisations must consider what the breadth of this exposure really means and must take steps to assess the real extent of their entire attack surface and resilience to threats. An inclusive and cross-collaborative process involving teams across different business units is vital to ensure there is an acceptable level of visibility and understanding of digital assets.
Lack of cybersecurity expertise
Preventative measures for ransomware or any other cyber-attack should include preparation: backing up IT resources and data, making sure there is continuity of operations in disruptions to computer systems, and drill and train the organisation in realistic cyber response plans.
Businesses that actively adopt cybersecurity and improve their cybersecurity infrastructure are more likely to be successful. Security by design and by default is becoming integral to success.
Organisational priorities should include a proactive plan for each business to build and maintain its own cybersecurity workforce. With security expertise becoming so difficult to source and retain, organisations should consider cultivating this talent organically. Organisations must also recognise that mobility is implicit in the modern technology workforce. It will be important to plan for the expected tenure of experienced professionals and recognize the long-term benefits that will accrue from a reputation for cultivating this expertise, transmitted from veterans to newcomers entering the field.
Also Read: One Year of GDPR: Privacy Laws, Data Breaches, and the Impact of Regulations
Tracking cyber criminals
Being a cyber criminal offers big rewards and few risks since, until recently, the likelihood of detection and prosecution of a cybercriminal was estimated to be as low as 0.05 per cent in the US. This percentage is even lower in many other countries. Even when not obscuring criminal activity through techniques such as dark web tactics, it can be very challenging to prove that a specific actor committed certain acts. Cyber crime is a growing business model, as the increasing sophistication of tools on the darknet makes malicious services more affordable and easily accessible for anyone that is willing to hire a cyber criminal.
Policymakers can help by working with cyber crime experts to establish internationally accepted criteria for attribution, evidence, and cooperation in pursuing cyber criminals and bringing them to justice.
It’s important to continue to adapt and take cyber risks seriously by planning, preparing and educating. Since it is a universal issue, open communications between corporations, policymakers, and regulators are a critical key to success. Until security features become integral to technology – seamless, transparent, and naturally usable by people – business leadership should pay serious attention to cybersecurity.
