Cyberattacks aren’t a new concept, but the cyber threat landscape — the methods, bad actors and risks — is constantly evolving. And the financial ramifications for businesses are reaching astronomical proportions.
The global average cost of a data breach hit $4.35 million this year, according to a recent IBM report, but that pales in comparison to the United States, where the average data breach costs $9.44 million. The number of breaches caused by ransomware grew 41% year over year, per the same report, resulting in $4.54 million in damages on average. If the attack was deemed “destructive,” the figure grew to $5.12 million.
Cyberattacks, unfortunately, aren’t the only risks companies must prepare for. As climate change gets worse, floods, wildfires, hurricanes and other extreme weather events threaten to derail businesses and wreak havoc in ways we can’t yet realize.
Now more than ever, organizations must act swiftly to ensure they can remain resilient in 2023 and beyond. Here are vital steps you should take in the year ahead to make this a reality.
Plan for the human element
For all the security solutions and services businesses invest in to stay ahead of cyber threats, there’s one area they often overlook: their people.
The same IBM report revealed that the most common initial attack vectors were compromised credentials (19%), phishing (16%) and cloud misconfiguration (15%). Half of the breaches in the study resulted from some form of human error.
Your organization can be equipped with all the security controls on the planet, but none of that matters if your employees give hackers the proverbial keys to the kingdom. So, it’s vital to put resources into training your employees. Educate them on common phishing trends and tactics. Regularly perform mandatory security and compliance training to help them remain vigilant and alert.
Assume that humans will be humans — and plan accordingly. Use a zero-trust, least-privilege access model with all the components of a strong defense-in-depth solution. Most importantly, presume that a bad actor will eventually get into your system and prepare for the worst. Regularly test your disaster recovery (DR) and incident response plans, and have offsite, immutable, air-gapped backups to restore into a cleanroom for forensics in the event of a successful cyberattack.
Build a culture of security
There’s no one-size-fits-all approach when it comes to resilience — every organization is different. But creating a culture of security is something every business can do.
Perform a point-in-time assessment of your company’s program. This will give you a clearer understanding of your technical controls so you can prioritize your needs and remediate vulnerabilities more quickly.
Identify the threats that most impact your business and align your defenses accordingly. Determine how your systems are maintained and how they’re patched to ensure that the environment you’ve built remains secure over time.
Don’t forget about training your employees, either. They are essential to building resilience within your organization. When everyone is aligned, it’s much easier to maintain a sustained culture of security.
Don’t skimp on DR
Public cloud adoption is on the rise. Gartner projects that worldwide end-user public cloud spend will increase 20.7% to $591.8 billion in 2023, up from $490.3 billion in 2022. But moving to the public cloud doesn’t mean you no longer have to worry about disaster recovery (DR) — it’s the opposite in fact.
When you migrate workloads to a public cloud, you must design your production environment to eliminate any single points of failure. Think about the availability zones. Make sure that your resources are available regardless of what happens on the production side of the business. Additionally, have a DR region within the public cloud platform that lets you replicate your workload, systems and applications and ensures that, if there is an extended number of updates within the production region of the public cloud provider, you can go back to the DR region and bring up the systems and applications you need.
Along with increased public cloud adoption, more businesses are turning to software as a service (SaaS) providers. Again, this doesn’t mean you can overlook the resilience of these third-party partners. If you sign up for any SaaS provider, make sure that resilience is built into their offering.
Commit to resiliency in 2023 and beyond
Threats are growing in volume and complexity, and businesses must prioritize resiliency to ensure they’re prepared to handle varying degrees of disruption and downtime.
Now’s the time to thoroughly examine your environment and processes, and shore up any vulnerabilities that leave your organization susceptible to risks. By taking measures to reduce human error, cultivate a culture of security and keep your DR plans up to date, you’ll be better positioned to stay resilient in 2023 and beyond.