A U.S. Senate committee report noted that there have been more than 2,300 known ransomware attacks on local governments, schools, and healthcare providers in the U.S. in 2021. As people’s work habits and locations dramatically changed, it has made many systems–especially those based on the cloud–particularly vulnerable.
It is no surprise, therefore, that cybersecurity is a top priority for C-level executives, according to Gartner, and details around it must be included in job descriptions by 2026.
To gain insights on the types of issues that businesses should be considering, Digital Journal caught up with a key thought leader.
First is Geoff Hayden, CEO of Open System. Hayden explains that cybersecurity is essential in terms of planning and implementation, noting: “Cybersecurity is more of a priority than ever for government and industry. President Biden’s May 2021 executive order to improve the nation’s cybersecurity has given the category a heightened focus since pre-pandemic times.”
The situation is also subject to rapid change, Hayden explains: “The new ‘threat environment is transparent: according to a new report, U.S. businesses experience a staggering 42 cyberattacks annually, underscoring the priority of cybersecurity during a time of hybrid and remote work, when there is an absence of perimeters and an increase in attack surfaces.”
Hence, the changing workforce is a key determinant. Here Hayden opines: “This is disconcerting as it has engineers and other security professionals scrambling in the aftermath of an attack to remediate things and restore order after havoc has been wreaked.”
So, what is to be done? The best approach is to hire talent. Says Hayden: “Stellar cybersecurity professionals know to supplement the best in AI technology that detects anomalies with what they’ve learned from previous hacking attempts; they’re constantly looking out for potentially suspicious activity that could lead to breaches in organizations, compromising the organization’s overall cybersecurity posture. Mission-driven approaches to fully operationalizing cybersecurity must be employed to change the protection of proprietary corporate data and prevent the attacks we hear about in the news regularly. For instance, the recent attacks on Uber and Rockstar Games come to mind.”
Systems also need to be ‘always on’ and be fully tested, observes Hayden: “Because hackers in the above examples and countless others catch companies unaware, it is crucial to emphasize round-the-clock monitoring by a team of skilled professionals also employing human-guided AI to spot anomalies. Bad actors have become clever and crafty, which is why they continue to carry out attacks from the most basic, traditional, tried, and true methods (e.g., phishing) to the most sophisticated (AI-based attacks) while no one is looking.”
There is also a requirement to be one step ahead of the bad actors. By this Hayden means: “With AI, bad actors have the advantage of speed as they can pivot from one mode of attack to another once they breach a system. By taking a more proactive approach to cybersecurity and continually remaining one step ahead of attackers to outsmart them, we will have something more significant to celebrate during Cybersecurity Awareness Month of 2023. We’ll have learned how to stop potential attacks from achieving kinetic status, and we look forward to new statistics that support that.”