Sophistication and the severity of cybersecurity attacks have increased in the last two years as organisations embraced remote-working and shifted some of their resources to the cloud.
According to predictions from Gartner, global spending on cloud services is expected to reach over $482 billion in 2022, up from $313 billion in 2020. Cloud computing infrastructure is the backbone of the delivery pipeline of just about every digital service, from social media and streaming entertainment to connected cars and autonomous internet of things (IoT) infrastructure.
CIO Africa spoke to Chris Stutz, Principal Consultant at Cyber X Africa on the latest cybersecurity trends organizations should look out for in 2022.
Q: What should be the top priority for CIOs regarding cybersecurity this year?
Chris: A resilient cyber security roadmap in addition to continued end-user awareness & training. Good governance in addition to an experienced cyber security provider, with continued vulnerability assessment coupled with reliable threat intelligence are good priorities.
Q: With organizations adopting cloud services more than ever, what would you say are the 5 threats to cyber security in 2022?
Chris: As organizations transition into the exciting world of cloud services, it is extremely important to understand the relationship and responsibility between the organization and cloud service provider. Failure will likely result in reputational or financial damages far outweighing any benefits.
- Involuntary data disclosure/leakage
- Lack of compliance
- Poor governance
Q: As there has been such a surge in working from home, this has created concerns for cybersecurity professionals, exposing businesses to many threats. What preventive measures would you recommend a business takes to fill those gaps?
Chris: The threat landscape for organizations is forever changing. COVID-19 and remote work forced a quick adoption of VPN and various mechanisms to enable continued product and service delivery. Reconciliation of planned, executed, and scheduled activities against actual through scanning and monitoring tools to ensure risk of Shadow IT is reduced, in addition to a layered security approach with controls to match the level of protection required are good points to start. Ensure you adopt the principal of least privilege and conduct regular risk assessments to understand impact and likelihood of various cases to help better prepare for a variety of scenarios planned and unplanned.
Q: How can organizations achieve cyber-resilience?
Chris: Plan, do, measure, adjust, and repeat. Senior management is crucial as they control the ability to finance continuous improvement with the aim of cyber maturity and subsequently resilience. See the domain of cyber security as an opportunity rather than an obstacle.
Q: What three cybersecurity questions should every C-Suite ask?
Chris: They should ask themselves the following:
- What is the priority of cyber security?
- What is the impact of the proposed solution on dependencies and the subsequent residual risk?
- Total cost of ownership to mitigate vs cost of the loss?
Q: What are the latest threat patterns that organizations should look out for?
Chris: Targeted attacks for specific groups within specific countries. The war between Russia and Ukraine has seen a surge in targeted attacks for example.
Q: What are best practices for today and how can businesses avoid cyber threats such as ransomware, phishing attacks, etc?
Chris: Cyber security is all about understanding and subsequently adopting good risk management practices to reduce risk of various cyber security-based attacks. It requires a multi-dimensional approach and expertise across several domains to be successful.
Q: Is blockchain the future of cybersecurity?
Chris: Blockchain technology will play a large role in cyber security. There are several different applications using the benefits of decentralization for transaction and storage that has seen and will continue to see large focus.
Q: Is cybersecurity getting more expensive or less expensive?
Chris: Cyber security solutions are getting cheaper as mass-adoption of cyber security related products and services are being consumed by a variety of end users from government, large enterprise, small to medium business, and the consumer. This is however dependent on the technology. Companies with the largest budgets and the most at stake will continue to spearhead emerging technology development in the cyber security space. This can include advancements in artificial intelligence and machine learning for example.
Cyber X Africa is a bronze sponsor of the 7th edition CIO Africa Cloud & Security.