The Cybersecurity Priorities CIOs Need to Tackle in 2022
Each year, technological innovation brings employers new opportunities, from opening up new points of competitive advantage for businesses to allowing organizations to achieve their missions more effectively. Unfortunately, each passing year also seems to bring greater online threats. For CIOs, who’ve seen the past few years dominated by cybersecurity concerns, 2022 promises to be no different. In fact, cybersecurity concerns should remain a top – if not the top – priority for the foreseeable future.
The ever-growing threat of cyber attacks
Cyber attacks continue to increase, and with good reason. The number of permanent full-time jobs available doubled between 2020 and 2021. More colleges are beginning 2022 online. From telehealth to food delivery, the consumer demand for online services remains robust as the pandemic continues. And the transfer of money online, from global remittances to unemployment insurance payments to digital banking, continued to increase globally.
All of this online activity has created new vulnerabilities for cybercriminals to exploit – and exploit them they have. According to one estimate, in 2021, corporate cybersecurity attacks increased by 50% each week over the previous year. Moreover, successful attacks embolden cybercriminals to continue, and there remain significant challenges to bringing the perpetrators to justice. Often, businesses and organizations don’t even report that they’ve been attacked to law enforcement authorities. Even when firms report attacks, many agencies simply do not have the resources to effectively identify and pursue the perpetrators. The tools needed to perpetrate a cyberattack remain widely available and grow in sophistication each year.
The long-term growth of ransomware attacks
According to one estimate, ransomware attacks may increase to an average of one every two seconds by 2031. That’s a frightening thought, but too many businesses, organizations, and government agencies remain mired in a wait-and-see approach to cybersecurity. Even firms that invest heavily in malware detection often still lack robust incident response and comprehensive data protection measures. That’s especially true among small and medium-sized businesses (SMBs), public sector organizations, and government agencies.
As we’ve seen from attacks on critical infrastructure, healthcare organizations, and other essential services, no sector is safe from ransomware attacks, and many lack basic cybersecurity measures. The pandemic has also shown us that cybercriminals will exploit natural and man-made crises. With more extreme weather events projected in upcoming years, governments must be prepared for the threat of ransomware attacks. Further, businesses and organizations must take a more active role in data protection, both through more robust internal policies and disclosure of ransomware attacks to law enforcement and the cybersecurity community.
CIOs must also be prepared to take more effective measures to prevent attacks. The focus must shift from relying on passive detection methods and an extensive (and expensive) backup strategy to better proactive threat monitoring, organization-wide cybersecurity hygiene practices and endpoint detection and response strategies. They should also not take too much focus off other forms of cyber attack. Cybercriminals will use whatever means are necessary to obtain as large a payout as possible from a targeted business or organization.
The new target: APIs
To maximize how much they can extract from businesses and organizations, cybercriminals will target any vulnerability. APIs are the connective tissue between business applications that make (or should make) for a seamless end-user experience. Yet they are often left unprotected – a vulnerability cybercriminals are increasingly exploiting.
The APIs that connect internal enterprise-wide applications to each other or to customer-facing applications can provide a backdoor to some of a business or organization’s most sensitive data and must be secured. And, of course, though CIOs should take every measure necessary to protect APIs, they must not do so at the expense of other potential points of vulnerability.
The ever-more prominent threat: nation-state actors
Cyber espionage and warfare are not new phenomena. But with the advancements in technology over the past two decades, frighteningly, they have increased substantially in both scale and scope. Businesses and organizations no longer just have to worry about targeted attacks on their systems. Disinformation campaigns can erode consumer confidence in a business or industry as much as they can in a political or economic system. The global supply chain, already severely disrupted by the pandemic, provides an irresistible point of entry for nation-state actors to attack a rival. And the evolving field of digital currency – growing faster than regulators can catch up – also provides potential points of vulnerability for well-resourced, strategic operators.
It’s not just critical infrastructure operators and government agencies that must concern themselves with nation-state actors. Hostile nations seek to understand all potential points of vulnerability, whether in cars or trucks that can be hacked or in common everyday technologies. Effective threat monitoring not only requires dark web scans and cybercriminal threat intelligence. It also requires understanding the geopolitical landscape and which cybercriminals are proxies for nation-state actors.
The growing expense: cyber insurance premiums
Given the growing threat that cyberattacks pose, the demand for cyber insurance continues to grow. Moreover, as more cyberattacks are carried out successfully, insurers must cover increasing claim costs. That means businesses and organizations must pay increasing insurance premiums or face potentially catastrophic costs if a breach occurs. Further, to protect themselves, insurers will likely exclude some forms of cyber attack from coverage, such as ransomware.
To help limit corporate liability, many state legislatures have enacted or are working to enact corporate liability shields. However, the legislative process, especially regarding technological matters, is notoriously slow. While businesses and organizations usually must swallow growing insurance premiums, they must also ensure they have the coverage they need and a robust cybersecurity plan to cover the areas excluded from their policies.
The keys to protecting your business or organization
The most effective way to handle these growing cybersecurity concerns is with:
- A comprehensive, proactive, and organization-wide cybersecurity plan aligned with an organization’s physical security plan
- Qualified, trusted, and dedicated cybersecurity professionals capable of, tasked with, and accountable for implementing the plan
- Current, regularly updated, and effective cybersecurity hardware and software implemented organization-wide
- Round-the-clock assessment, monitoring, investigation of, and response to all incidents
- Robust data protection and business continuity plans
However, many businesses and organizations lack the resources in one or more of these areas. Yet the costs are too high to let cybersecurity languish quarter after quarter. One well-designed attack could cripple your business or organization, whether you’re a tiny retail store or a large government agency.
Being an effective CIO involves remediating weaknesses, whether in an enterprise-wide software application or organizational resources dedicated to cybersecurity. If you recognize your organization is vulnerable, Acom Integrated Solutions can help. A leading security services provider servicing companies in Georgia and Alabama, Acom has the experience and resources to protect your business or organization from stem to stern. Whether you need support with a specific aspect of your existing cybersecurity plan or are looking for comprehensive protection, we’re looking forward to hearing from you. Contact us today, and let’s talk about your security needs.
Thanks to Sean and Kelly at Orbis Solutions, a Las Vegas IT services company for their friendship and help with this content.