How the Enterprise Can Upgrade its Cybersecurity Strategy
By B Capital
Enterprise cybersecurity risks are constantly evolving, and in today’s corporate environment, the strategies of yesteryear no longer adequately protect critical digital and data assets.
Despite a growing security threat, intensifying macroeconomic pressures may tempt businesses to cut cybersecurity spend. But experts agree it would be unwise and highly risky. “The harder the economy gets, the worse cyber threats will inevitably get,” warns cybersecurity expert and Boston Consulting Group Managing Director & Partner Paul O’Rourke. “In past downturns, cyber breaches have gone up.”
Luckily, recent BCG data finds that about one-third of corporate IT buyers expect to increase security infrastructure spend going into 2023. Increasing security and mitigating risks ranked as the third-highest priority for IT business leaders, outranked only by driving digital transformation and enabling company growth.
As businesses digitize and grow, though, the landscape of their cyber vulnerabilities is changing, and the enterprise must upgrade its cybersecurity strategy accordingly.
Expanded Attack Surface
IT modernization efforts are driving more sensitive enterprise data into the cloud, while COVID-fueled workforce shifts created a larger population of employees working remotely and outside of the corporate perimeter. Both trends have multiplied the potential points of entry into the enterprise for bad actors.
“What remote work has done to organizations is expand the overall attack surface away from just a corporate environment to one that now extends into the employee’s home,” says Jay Kaplan, CEO and Co-Founder of cybersecurity testing platform and B Capital portfolio company Synack. “That presents a whole new set of challenges for organizations.”
Amit Bareket, CEO and Co-Founder of cybersecurity experience platform Perimeter 81, another B Capital portfolio company, agrees. The firewall, once the bread-and-butter of network security, now protects empty offices, and employees use work devices connected to insecure home networks. He says it’s a shift that “needs to push businesses to rethink the way they secure themselves, and what technologies they’re using.”
Not only are businesses contending with an expanded attack surface, but they’re also combatting cybersecurity fatigue, creating what Bareket describes as the “cybersecurity complexity gap.” Contrary to what businesses might think, the more cybersecurity solutions deployed, the less secure they may be. Employees can grow overwhelmed with the various platforms in use and workflows required to maintain security, leading to ignored multi-factor authentication requests, or a continued reliance on the same-old insecure passwords.
Even the largest enterprises—especially the largest enterprises—are vulnerable. In an organization with thousands of employees, sometimes it only takes one worker to click on a malicious email link to wreak havoc across the business.
“Most large enterprises, believe it or not, have zero-day vulnerabilities sitting out in the open,” Kaplan says, referencing vulnerabilities that have been discovered in a system but have not yet been addressed or patched. “I think we’re still very focused on the basics.”
Until businesses large and small can get back to those basics—proper patch management programs, security testing, adherence to multi-factor authentication and strong password habits, to name a few—they will be unable to address the growing risk of the more sophisticated attacks they are seeing as their attack surfaces expand.
A Proactive Approach
Between expanding attack surfaces, security lapses at the home office, and cybersecurity fatigue that prevents corporates from successfully deploying even the most basic of security strategies, business leaders can feel overwhelmed at the prospect of securing their enterprise.
Luckily, there are tactics they can use to meet the cybersecurity demands of the modern day.
Consolidation of cybersecurity solutions will be key to providing a more user-friendly experience for employees, and can offer a more cost-effective approach to security. Amid an ongoing cybersecurity talent gap, organizations are forced to outsource and crowdsource their cybersecurity solutions, notes Kaplan. Deploying a holistic, streamlined solution is imperative.
Bareket says he’s seeing an encouraging trend among businesses that are embedding solutions like Perimeter 81, which deploys a zero-trust approach, meaning that by default, anyone outside of the corporate network is not trusted. They’re also turning to segmentation, in which the architecture of a network is divided to prevent the spread of an attack should it occur.
In addition to regular employee training and education, a proactive approach to cybersecurity might also include crowdsourcing “white hat” hackers to identify existing vulnerabilities, as well as deploying on-demand penetration testing—two solutions offered by Synack.
“If you can prevent an attack from ever occurring, you don’t need to spend as much money on the reactive side,” says Kaplan. No company can ever be 100% secure, he notes, but rather than fuel investments into attack response strategy, it can be more effective to prevent attacks from happening in the first place.
Bareket agrees that in today’s complex enterprise ecosystem, acting before an attack hits will be essential to enterprise cybersecurity. “The earlier you start to prepare and adjust your legacy security and infrastructure, the better you succeed—and save a significant amount of effort and dollars going forward.”