A new survey conducted by the Enterprise Strategy Group (ESG) reveals that senior leaders, including IT decision-makers, are planning to increase their cybersecurity spending in the coming year. This is in spite of the predicted decrease in overall spending on internal work such as IT due to inflation and uncertainty in global markets. The survey suggests that about 65 percent of senior leaders are inclined to allocate more funds towards cybersecurity due to the evolving threat and frequency of online attacks.
According to Gartner, a technology research firm, spending on risk management and data security is expected to reach $188 billion in 2023. This surge in cybersecurity spending can be attributed to the impact of the COVID-19 pandemic and the increasing regulatory pressures that organizations face. With the average cost of a data breach in the USA soaring to $9.44 million, it is crucial for organizations to prioritize cybersecurity and education within their workforce to ensure the protection of critical infrastructure and maintain their future viability. Additionally, the growing volume of data being processed and stored by businesses, both locally and on cloud-based servers, necessitates increased investments in cybersecurity.
Astrid Gobardhan, the Group Data Protection Officer at VFS Global, emphasizes the importance of establishing and maintaining security provisions within organizations. Cybersecurity should be prioritized and seen as an insurance policy against potential attacks. Gobardhan acknowledges that each business faces unique challenges in terms of cybersecurity, but no organization is completely immune to cyber threats.
To enhance resilience against external attacks, organizations should consider the following points:
1. Educate employees about cybersecurity: Employees should be educated about the risks associated with their roles and provided with guidance on organizational processes related to cybersecurity. By fostering a culture of risk analysis and open discussion, organizations can effectively prevent and respond to attacks.
2. Perform software updates and use complex passwords: Attackers often exploit vulnerabilities in software and gain access to systems through password breaches. Regularly updating system software and using strong passwords that include a mix of upper and lower case letters, numbers, and symbols can significantly reduce the risk of both local and external attacks. Password managers like Dashlane or LastPass can help generate and store secure passwords.
3. Use multi-factor authentication: Implementing multi-factor authentication adds an extra layer of security to accounts and systems. This requires users to provide multiple forms of identification, such as a password and a code from a mobile device. It is a widely adopted practice that helps organizations mitigate risk and trace breaches if they occur.
4. Be aware of social engineering attacks: Social engineering involves manipulating employees into bypassing security procedures. Attackers may pose as line-managers or IT professionals to solicit login credentials or organizational information. Employees should be educated about the “red flags” associated with such attacks and encouraged to verify requests through alternate means of communication.
5. Conduct “live fire” exercises: Periodic security tests, even for organizations that use third-party IT departments, can help identify areas for improvement. These exercises also provide an opportunity for staff to receive refresher training on identified weak points.
However, it is essential to recognize that the digital landscape is constantly evolving. Organizations need to stay updated on emerging threats and share relevant information with their teams promptly to prevent external attacks. By adopting a prevention-first approach and implementing the aforementioned suggestions into their operations, organizations can take significant steps towards reducing their exposure to risk.
About the Author:
Astrid Gobardhan serves as the Group Data Protection Officer at VFS Global, the world’s largest outsourcing and technology services specialist, which caters to 67 sovereign governments worldwide. Since its establishment in 2001, VFS Global has processed over 251 million applications. Gobardhan’s role highlights the criticality of cybersecurity provisions for businesses, regardless of their size. More information about VFS Global can be found at www.vfsglobal.com, and Astrid Gobardhan’s LinkedIn profile can be accessed at https://ae.linkedin.com/in/astrid-gobardhan-94030221.