With global spending on the Internet of Things (IoT) projected to top $1 trillion by 2023 and billions of devices already sending data from the edge to data centres, organisations must put the necessary safeguards in place to ensure their systems are protected.
As technology evolves, so too do cyberthreats. Phishing scams are becoming increasingly sophisticated and malware targets everything from employee computers all the way through to edge devices. The pandemic has reinforced the view that cybersecurity is only as strong as the weakest entry point into the organisation. Increasingly, that weakest point is an IoT device installed with little thought given to its security settings.
The mistake many organisations make is assuming that security is a static process. They might feel that the anti-virus and firewall they have installed provide sufficient protection against the myriad of cyberattacks coming in. Unfortunately, the reality is quite different.
Instead, security must be viewed as an ongoing process. There is no ‘fire-and-forget’ approach that can effectively protect businesses in the digital world. In fact, it is a matter of when rather than if a company gets breached. And once this happens, it is about identifying the attack and responding quickly to minimise the potential damage. This cannot be done if security is not an integral part of the organisational strategy.
Complicating this is the digitalisation of the business environment. It presents a host of challenges that must be addressed if cybersecurity is to become integral to operations.
The events of the past several months have highlighted the importance of being cloud-based. Organisations want to make greater use of this environment and benefit from the likes of software-defined networking, artificial intelligence, machine learning, and so on.
But instead of adopting new innovations as they become available, potentially increasing the sprawl of systems on the network (and potential weak points), the organisation must base its cloud decisions on how they meet the business needs.
Part of this entails making the most of existing security investments and building the right cloud solution to meet the company requirements. This also means the company can migrate to the cloud (and the associated services) at its own pace and not rush into new implementations.
Building from here, organisations must remain cognisant of the impact changing regulation could have on their systems and processes. This is particularly true for multinationals and organisations with cross-border operations: the enforcement of international regulations such as the General Data Protection Regulation (GDPR), as well as the implementation of the Protection of Personal Information Act (POPI) in South Africa, holds several implications for non-compliance. Failure to comply places the organisation at risk of significant financial penalties, reputational damage, and even potential jail time for executives.
Adhering to cross-market regulations requires a thorough audit of the existing cybersecurity systems in place, as well as the new data innovations being implemented (from the edge all the way through to machine learning), and how best to align everything with regulatory compliance.
As with security, compliance is a continually changing environment – and organisations must keep pace with new regulations as they are introduced.
Whether it is IoT, smartphones, home routers, or even existing on-premise infrastructure connecting to a cloud-based data centre, the attack vectors facing organisations of all sizes require a more agile approach to cybersecurity. Intrinsic to this is putting cybersecurity at the centre of the business strategy to ensure it reaches all critical touchpoints.
James Hennah, Director, Security, BT, Asia Middle East and Africa