The coronavirus pandemic has radically shifted the way we live, with many of us now shopping and working online – and cyberthreat actors have been quick to take advantage.
The range and sophistication of cyberattacks have intensified alarmingly as attackers rush to exploit new vulnerabilities exposed by companies developing their digital capabilities.
As a consequence, the latest Accenture Cyber Threatscape Report warns that organisations should expect cybercriminals to be far more brazen in their tactics than eight months ago. We’re seeing the likes of Maze ransomware threatening to ‘name and shame’ their non-compliant victims publicly online and malicious actors putting increasing pressure on victims who are prepared to pay higher and higher demands.
But there is a way forward. As ever, it is our own complacency that we need to guard against most, and doubling down on the basics remains the strongest defence against attacks on business continuity and extortion threats.
Cybersecurity in the age of Covid
The latest Accenture research found that, while most companies are confident in their ability to protect their enterprise, one in every three targeted breach attempts succeeds. The research found that 70% of organisations believe they have completely embedded cybersecurity into their culture, yet 75% of organisations have been plagued by at least one security breach or incident this year.
Indeed, the average organisation faces at least two targeted cyber attacks per week and, if at least one-third are effective, that is two-to-three security breaches every month.
Critically, 84% of breaches happen at the application layer and right now, particularly with application development supercharged to support remote work collaboration and to enhance consumer e-commerce connections, the challenge is to ensure that developers do not sacrifice security for speed.
Operational priorities are currently driving an urgent need to innovate. Users too are relying more and more heavily on mobile access, with 87% spending more time on apps than directly on the web.
Against this backdrop of continual digital transformation, failing to understand the impact of application security vulnerabilities, mitigation and security controls is a precarious position to be in.
As a priority, we would call on all organisations to protect their core business by designing and implementing a holistic and complete security review of systems and applications.
Then, embed security from day one. The lack of security in the application development lifecycle can be costly, with our studies estimating that it is 30 times more expensive to fix applications in production than in the project phase. Integrated security and remediation services must be built into the application development lifecycle.
The urgency of digital transformation cannot come at the cost of robust, effective and proportionate security controls. An application security reboot would help organisations detect application vulnerabilities before they become a problem, remediate them when they are still cheap to fix and manage regulatory compliance.
A changing cybersecurity landscape
Cybersecurity is far more nuanced than it once was. There are different threat profiles for both mobile and web applications, just as there are now vast quantities of data of differing values, types, classification and location across an organisation.
A comprehensive security strategy and approach can accelerate the ability to protect data through people, process and technology efforts, while defining the criteria that support the business goals.
Connectedness has its consequences, but the growing expertise in cyber security is a strong line of defence. Most of all, shift security processes left and embed them early into the development cycle.