How mature is your cybersecurity: Understanding the 3 levels
In our hyperconnected world, as every sector of society is becoming digitalized and increasingly technology-dependent, cyberattacks are also multiplying and becoming more complex, which has led to a spike in spending. According to the Canadian Centre for Cyber Security, approximately 38.5 billion devices will be connected to the Internet by 2025, and cyberattacks will occur every 39 seconds. The global information security market is expected to be worth nearly US$175 billion by 2024. On top of all that, the COVID-19 pandemic has led to a significant surge in cyberattacks. The shift to remote work has made companies more vulnerable and subsequently forced them to tighten their security measures.
Given today’s breakneck pace of digital transformation, it’s more important than ever to consider how cybersecurity should be integrated into transformation projects at every level. Cybersecurity goes well beyond antivirus software. It means having the right skills to protect your assets and minimize risk.
Though you might be familiar with the concept of cybersecurity, it can still be hard to fully grasp. That’s why we’ve enlisted Frédéric Claudinon, an IT Strategy and Management Consultant, to break down everything we need to know about cybersecurity, including what it entails today and the importance of choosing good security partners. Strategic partnerships support you throughout your digital transformation and enable you to maintain high levels of security without you having to make major investments in tools, additional expertise and human resources. So when reviewing your digital transformation strategy, it’s key to think about how you will manage cybersecurity and integrate partners. Even if you believe that your team is hitting their performance goals, it is always difficult to identify blind spots. Receiving support and guidance from qualified experts is the best way to ensure you’re not overlooking any aspect of your cybersecurity.
The 3 levels of cybersecurity for your transformation projects
Unless you have your own cybersecurity team and a high degree of organizational and technological maturity, you’re probably overwhelmed by flashing indicators everywhere: alerts, events, investigations, incidents, vulnerabilities. But where to begin? Let’s start with the basics. Cybersecurity is actually simpler than you may think. Essentially, you set up barriers, keep an eye on what’s going on and then govern everything. In order to seamlessly tackle any and all cyberchallenges, it helps to break down cybersecurity into 3 different levels: basic services (barriers), advanced services (monitoring) and governance.
Level 1: Basic services to secure the perimeter
To begin with, picture the foundation of cybersecurity as building a security perimeter, a.k.a. a barrier to protect all of the organization’s internal data. Most companies rely on a certain amount of basic services (firewall, proxy, antivirus, etc.) to prevent outside threats from breaching the perimeter, i.e., from accessing internal information.
Basic security measures explained
Nowadays, basic security solutions are no longer so straightforward. Most industries are feeling the effects of the COVID-19 pandemic, and cybersecurity is no exception. While remote work was, of course, necessary, it has also made it more challenging to keep company data secure. Hackers are exploiting the weaknesses inherent to the increased access points needed for remote work. Organizations have had to adapt and invest in strengthening their systems to get the same level of security as before. Whereas the “perimeter” once extended only around the company, it now includes remote employees. This shift has necessitated a modified approach to software management.
Expanding these services beyond the office doesn’t stop there. All industries are currently grappling with the global labour shortage. With fewer employees at their disposal, many organizations have started outsourcing some operations. As a result, external partners must be securely integrated into the company’s ecosystem. But how do you make sure your partners’ access to the environment is secure? You have a number of options, including desktop virtualization, which is fast, easy and effective. You can solve labour shortage issues with this method by letting external partners connect to your company’s IT environment remotely.
Level 2: Advanced services to monitor the perimeter
Advanced solutions enable you to identify and anticipate incidents caused by the use of basic services. They include a number of detection tools that target abnormal behaviour in your network, some of which may require further investigation (e.g., many destroyed or shared files, multiple access attempts, ransomware, etc.). You can then add increasingly sophisticated detection tools that can not only spot threats, but also automatically respond to them. Other, even more advanced tools let you see and analyze what’s happening outside the perimeter (e.g., on the Dark Web), which could be important given the nature of your company. Advanced services can also deal with vulnerabilities. These tools analyze your computers and detect potential system weaknesses. However, for these tools to be effective, you have to be able to implement the appropriate solution or at least mitigate the risks. This is all the more important when your company has a significant technological debt or a high concentration of vulnerabilities.
Advanced security measures explained
That said, it is important to stress that this second level is not only about installing new protection and monitoring software, but also about being able to follow up on and maintain it, either with internal or external resources. These combined solutions, which we are referring to as advanced security, can actually be a source of added risk and danger if you get too overwhelmed by alerts without actually being able to better control them. One way to collect and centralize incident alerts is through SIEM software. However, just because all the data on antivirus, logs, firewalls and other systems is in one place does not mean that you’ll have fewer alerts. And that’s not all. As viruses become more and more sophisticated, software must adapt too. Antivirus alone is not enough. Some companies are adopting more intelligent emerging solutions, like endpoint detection and response (EDR), which monitors network events and stores the information in a centralized database.
Once again, the problem is the number of alerts that companies have to contend with. Employees are exhausted by the sheer amount of information to keep track of. This “alert fatigue” can desensitize them to the threat of cyberattacks. So, how can companies cope with the ever-increasing number of alerts? Again, outsourcing may be the solution. For advanced services, you can look into a managed security service provider (MSSP). An MSSP is an outsourced solution that provides services at all times to deal with incidents and retain an acceptable security posture. The onslaught of advanced security alerts and increasingly complex and frequent cyberattacks require businesses to find solutions, oftentimes outside their company, in order to be as vigilant as possible.
Level 3: Governance
The final level of cybersecurity is governance, which entails understanding your organization’s stakeholders, their roles and responsibilities, establishing a systems management plan and maintaining the perimeter. To learn more about this 3rd level, keep an eye out for our next article on IT governance.
If you have any questions about cybersecurity and how it fits into your organization’s digital transformation, contact us! We have helped many clients incorporate cybersecurity into their IT strategy and process mapping projects. By better understanding where you are, your company can figure out where it wants to go.