As we all start to get a better view of what the future might hold, organisations need to look again at their security strategy. But first, we need to take stock.

After the initial shock of lockdowns and mass remote working, what have we learned from the past two years as we all attempted to adjust to the new reality?

You’re working in a landscape of increasing threats and vulnerabilities

The widespread shift to the cloud to support those working remotely has inadvertently created a much larger attack surface. The sheer number of new locations, devices, and networks organisations are managing today alone calls for a security rethink – a need that’s magnified by a year-on-year increase in threats. And the pandemic has magnified the problem, sending a huge wave of email scams, ransomware, and brute force attacks to disrupt companies.

High-profile incidents have underlined how every organisation needs to look again at its approach to security. The Colonial Pipeline attack in the US demonstrated how evolving ransomware can threaten key infrastructure.

Then the SolarWinds incident showed that every organisation must now assume their network has been breached, expecting sophisticated attackers to find a way in and then manage to stay hidden for some time. And the Microsoft Exchange exploits highlighted how easily software vulnerabilities can be an open door for widespread attacks.

These attacks also highlight how vulnerabilities exist throughout the supply chain and how much the definition of security perimeters has to change.

Growing threats, but shrinking expertise

It makes sense that, as you rethink your security approach, to ask for more from your security teams. And yet many organisations are turning to a resource that just isn’t there. Across the board, we’re feeling the effects of an emerging skills shortage.

Recently, BT consulted with over 7,000 business leaders globally and found that 56% of organisations feel they’re at risk due to cybersecurity staff shortages, and a further 22% are planning to further reduce the size of their security team. Will organisations be able to attract the skills they need to plug the gaps in their defences?

Confusion over the true state of security

Operating with a skeleton security team might work – if organisations could be confident they have the best available defences. However, the figures tell a different story. Our research uncovered a clear contradiction between how many organisations perceived their security and reality.

We found that 76% rated their IT strategy as ‘excellent’ or ‘good’ at protecting against cybersecurity threats, but that 84% also admitted their organisation had suffered a data loss or security incident in the previous two years.

So, what’s the true state of security? It looks like carrying on as they have before isn’t viable, and organisations need to bring in expertise to review their approach and secure their operations. But, interestingly, even though they’re struggling, 60% of companies say they’re uncomfortable outsourcing or using external security providers for support. It looks like their reluctance to give up some level of control could be putting them at unnecessary risk.

Look to the CISO to spearhead a new approach to security

The CISO stands at the heart of this conundrum and has the power to lead the organisation through it.

The CISO can’t be swamped by routine security tasks. They need the freedom to take a fresh look at security, identifying gaps and cutting through the noise to focus on what’s really important. Today’s CISO should be drilling down into areas where they can add the most value and helping to drive the transformational projects that will give the business an edge.

To make this a reality, organisations must be willing to look beyond the confines of their business for support and solutions. Collaboration with a trusted partner is a tried and tested route to freeing up the CISO to truly secure the organisation. But it means organisations have to be prepared to give up some level of control to an external provider.

Stay open to the possibilities and look again

Now is the perfect opportunity to look again at how you can secure your future. It’s a chance to review your priorities and look at how you can bake in security to your infrastructure, network, people, and processes.

By Kevin Brown, MD at BT Security.

Edited by Zintle Nkohla

Follow Zintle Nkohla

Follow IT News Africa

Sign Up for Our Newsletters

Get notified of the best deals on our WordPress themes.

You May Also Like

UBA & Cellulant Join Forces to Unite Africa’s Payments Ecosystem

Nigeria’s United Bank for Africa (UBA), and Cellulant, a leading Pan-African payments company, have announced a partnership that will extend payment services for merchants and consumers across 19 key African…
View Post

Here’s How Much MTN Spent During the ICASA Spectrum Auction

MTN announced on Thursday that it had secured the high-demand spectrum required for its 4G and 5G network expansion drive from the highly anticipated ICASA spectrum auction. ICASA announced that…
View Post

TymeBank Launches Medical Insurance App for South Africans

TymeBank, the South Africa-based exclusively digital retail bank, has announced a new partnership with National HealthCare for affordable medical insurance to consumers, through the launch of TymeHealth, an app-based offering…
View Post

4 Things You Need to Know About Achieving Efficiency in the E-commerce Era

E-commerce companies and platforms in South Africa experienced a rise in activity and profits triggered by Covid-19 lockdowns and social distancing restrictions in early 2020, while retailers and other businesses…
View Post

Netflix Scholarship Applications Now Open for East African Students

Netflix, one of the leading entertainment streaming services in the world, has opened applications to the Creative Equity Scholarship Fund (CESF) for film and TV students in the Eastern African…
View Post

Nokia Kenya Dodges a $260,000 Fine in Service Centre Contract Feud

A Kenyan court has reportedly rejected a petition filed by Kenyan dealer TechnoService which is seeking Sh150-million ($257,832.60) from cellphone manufacturer Nokia for allegedly selling some of its businesses to…
View Post