The Tech Edge: Experts Tackle Cyberattacks — Protecting What Matters in Our Digital World

Post Date: 12/18/2024

Did you know that there are estimated to be 2,200 cyberattacks every day? This means that a cyberattack happens every 39 seconds. It’s estimated that cybercrime will cost $9.5 trillion in 2024 — this is not a number that can be ignored. So, how can organizations combat cyberattacks? Cybercriminals are now so precise and personalized, using easily accessible and personalized data to understand exactly how to find their way in.

I remember my conversation with Itzik Gur, Chief Information Officer at Insentra, in The Tech Edge series on how AI enables bad actors to gather and process information more efficiently, potentially making phishing attempts more convincing and challenging to detect.  

In this evolving digital landscape, organizations need to stay ahead of the curve in their AI-driven security measures. Cybersecurity isn’t just fancy technology or complicated jargon, and it’s definitely not something that can be put off or ignored. It’s about protecting people and their most crucial asset — personal data and information.  

Let’s revisit what Itzik had to say about the importance of continuous education about risks, industry best practices, and the latest threats to create a culture of security awareness.

The Cyberthreat Landscape and the Role of AI

When the COVID pandemic hit, our lives were transformed overnight. Suddenly, everyone worked from kitchen tables and home offices (or garages, in my case!). Our secure office networks became a scattered web of connections, and cybercriminals saw this as a golden opportunity.  

The rise of remote work and cloud services has fundamentally changed the cybersecurity environment with the persistent threat of phishing and social engineering attacks. AI has made this landscape even more complex, being an incredibly versatile technology capable of being used for both protection and harm. While AI enhances defensive capabilities, allowing for more sophisticated threat detection and response, it also empowers attackers. 

Proactive security measures are not a sprint; they’re a marathon of ever-evolving trends that you need to adapt to and review continuously. This will not be successful without also implementing ongoing employee education and awareness programs. With employees accessing company data from various locations and devices, businesses must adapt their security strategies to accommodate these hybrid work environments.

Humans in Cybersecurity

Cybersecurity is everyone’s responsibility, not just IT departments. Every single person in an organization is a potential entry point — or a potential shield. We need to make people genuinely understand what is at stake as well as the ramifications of inaction.  

Sophisticated attacks often rely on human error, such as clicking malicious links or responding to requests without proper verification. The urgency created by attackers can lead targets to act hastily, bypassing standard security precautions.  

The concept of zero trust has become more crucial. Organizations should start by not trusting access requests and gradually releasing secure areas only after thorough analysis. This shift in mindset is essential for protecting distributed work environments effectively. Better adherence to data retention regulations and policies is also needed, as organizations often retain customer data long after it is necessary or legally required, significantly increasing vulnerability to breaches.
 

3 Recommendations in Education and Awareness

There is no one-size-fits-all solution. Proactive measures should be in place, tailoring security strategies to each organization's specific situation. Itzik shares some recommendations for business leaders to remain vigilant in their approach to information security:

1. Create a Culture of Continuous Learning

Cyberthreats evolve faster than software updates.

  • Regularly educate yourself and update your team on current threats, industry best practices, and relevant legislation.
  • Implement regular micro-training sessions and make learning engaging, not punitive.
  • Use real-world examples and interactive scenarios.
  • Implement continuous monitoring tools and management of your infrastructure. 

2. Adopt a Zero-Trust Security Model  

Traditional "trust but verify" approaches are dead in the water.

  • Treat every access request as potentially suspicious and use context-based access controls.
  • Implement basic security measures like two-factor authentication everywhere.
  • Continuously monitor, evaluate, and audit for unnecessary access permissions.

3. Develop a Comprehensive Incident Response Plan

It's not about IF you'll be attacked, but WHEN and HOW you'll respond.

  • Create a detailed, step-by-step playbook for different types of cyber incidents.
  • Conduct simulation exercises and have a dedicated response team with defined roles.
  • Establish clear communication protocols, including transparent customer communication strategies for potential breaches. 

Changing Legal and Regulatory Landscape

Cybersecurity is deeply personal. When the Medibank hack in Australia happened, it wasn't just data that was exposed – it was people's sensitive medical information – real lives, with real consequences. This serves as a stark reminder that behind every data point is a real person, and business leaders must remember they are dealing with personal information, not just abstract data.

New laws and the regulatory landscape need to adapt to a fast-paced digital world. A good example is Australia's cybersecurity strategy extending to 2030, which highlights the increasing government focus on holding organizations' leadership more accountable for protecting customer and employee data to mitigate the personal impact of cybersecurity breaches.

Business leaders must stay informed about these regulatory changes to ensure compliance and avoid potential legal repercussions. We're not just protecting data. We're protecting people's trust, privacy, and sense of security.

Key Takeaways

Whether you're a business leader, an employee, or someone who uses the internet (which is basically everyone these days), remember that cybersecurity starts with you.

We can better protect ourselves and our stakeholders by prioritizing education, implementing robust security measures, and considering the human impact of data breaches. The key message is clear: cybersecurity is an ongoing journey that requires constant attention, adaptation, and a holistic approach involving every level of an organization.

One thing to think about: What would you do if this happened to you? Stay curious, stay informed, and never stop learning. 

Check out this episode and more here: The Tech Edge — Ticker.

Alyssa Blackburn is the Director of Records & Information Strategy at AvePoint, where she helps organisations achieve business value from their information. In her role, Alyssa provides records and information consulting services as well as system implementations, allowing customers to optimise the structure of their information to maximize business benefits while meeting data governance and compliance objectives. With 20 years of experience in the information management industry, Alyssa has worked with both public and private sector organisations to deliver guidance for information management success in the digital age. She is responsible for the development of AvePoint’s information management solution, and has been involved with implementing our records management solution with government agencies and commercial clients. Alyssa is actively involved in the information management industry and has spoken at a number of events including at Inforum 2016 in Perth. She has been published in the RIMPA IQ magazine and recently won the 2016 award article of the year for the RIMPA IQ magazine for her article titled, "Why you need to think differently about information management."
