Intelligent CIO APAC Issue 28 | Page 55

FEATURE : CYBERSECURITY are rarely achieved without making waves , especially when it comes to large-scale technology initiatives .
Each initiative often creates a massive swathe of new interconnected digital identities that contain the credentials of the human or machine linked to it . Think of personal information in banking applications or the multiple login details you have to remember when accessing your organization ’ s software applications .
These digital identities are used to facilitate interactions and broker access , often to sensitive corporate data and assets required to perform a job or function .
What sort of challenges occur with an increase in the number of connected devices ?
The increase in the number of connected devices brought about by digital adoption , brings along a set of challenges . Last year , a report by the Cybersecurity Agency of Singapore ( CSA ) revealed that malwarelaced devices almost tripled from 2019 to 2020 .
The results indicate that while businesses were migrating online , cybersecurity best practices were not carried out efficiently , accumulating ‘ debt ’.
It takes just one compromised identity for a threat actor or malicious insider to launch an attack and start escalating privileges to move deeper into an environment in search of valuable assets . This is likely why respondents ranked credential access as their number one area of risk .
The key now is to tackle this debt responsibly before balances become too unwieldy , or worse , organizations face ‘ bankruptcy ’ for failing to evolve at the rate of technology change due to poor security decisions .
The good news is , some organizations are committed to turning things around . Notably , almost all respondents of the survey are embracing Zero Trust cybersecurity models of ‘ trust nothing ; verify everything ’, with half ( 50 %) prioritizing the implementation of Identity Security tools as one of their top three initiatives to pave the way .
And in the face of continued ransomware attacks and other emerging threats , organizations are approaching cybersecurity debt and risk reduction efforts more holistically by emphasizing important technical controls such as multi-factor authentication ( MFA ) and least privileged access as well as implementing peoplecentric initiatives such as security awareness training to encourage security-conscious behavior to become part of the organizational DNA .
Digging out of cybersecurity debt takes time and for many organizations , there ’ s much work to be done . Creating a risk-based plan can help businesses identify ways to make quick , high-return ‘ payments ’ and then follow a feasible timeline for reducing the remaining cybersecurity debt . With a solid identity-centric risk plan in place , organizations can effectively strengthen defenses against emerging threats while advancing key initiatives to propel their businesses forward . p
Yet 79 % said their organization hasn ’ t prioritized the protection of critical data and assets . Instead , they ’ re moving full steam ahead with initiatives respondents said could introduce significant risk .
This dissonance has created substantial cybersecurity debt that continues to mount as ‘ interest ’ accumulates in the form of new unmanaged identities across every major IT infrastructure component .
How can organizations avoid the ‘ debt trap ’?
As in one ’ s personal lives , a certain level of debt is sometimes necessary . If your car dies and you need one to get to and from work , you may be forced to take out a loan for a new car . Likewise , many organizations had no choice but to fast-track projects that could keep operations running amid pandemicdriven challenges , making some security trade-offs along the way .
www . intelligentcio . com INTELLIGENTCIO APAC 55