Usually, as we move from one year to the next, we look at trends for the coming year so that we know what to expect. This is especially pertinent in the IT industry where things evolve at lightning speed.
By Keitumetse (KT) Mogodi, consultant: modern platform-security at Altron Karabina
This is not so that we can invest in the latest and greatest for their own sake, rather it is to keep businesses relevant and competitive on their digital journeys, as well as to keep them safe from a cybersecurity perspective.
To set the record straight, across the entire spectrum of IT, cybersecurity will remain one of the foremost trends. This is because as we harvest and use more data, companies across all industries are under constant threat from cybercriminals. Security must always remain front of mind.
Perhaps a good analogy would be that of a house. While you may want a new kitchen and need a new fibre line to make the most of your living space, you know that one of the fundamentals is security. You must ensure that your various layers of security are well-designed and in place, and then most importantly, have confidence that the people in the house are security conscious.
It is no different when it comes to securing your business systems. Cybersecurity remains among the top trends in IT, and within the realm of cybersecurity, people remain the weak points because no matter how well you design your security layers, there is always a risk that an employee – who may not be as well-trained as you would like – clicks on that one link that opens your organisation’s back door to criminals.
If we appreciate that people are a weak point, it will come as no surprise that as we head into 2023 the number one cybersecurity threat is social engineering and spearfishing. As a CTO, CIO or CISO, it is one thing to build up a secure system, but it is fuel for sleepless nights to realise that it takes one employee clicking on a well-designed email link to undo all the hard work.
So, what is to be done?
* Design the architecture around security – Every layer of your organisation, from the physical layer to the application layer, should be designed to be secure. It cannot be overstated how important the actual architecture of a system is in terms of security. Even the latest and best tools work better on a properly designed ecosystem.
* Constant reviewing – A business may look at its systems today and feel secure in the knowledge that it is well-protected. However, that may not be the case in a month or three months’ time. The speed at which cyber criminals evolve means that businesses need to have regular reviews of their systems against the latest security threats.
* Ongoing training – Employees must be security conscious, and one of the best investments a business can make to secure itself is in employee education. Just like the constant reviewing, it cannot be done once and left. The sophistication of social engineering, for example, shows just how crucial it is for employees to be prepared.
* Automation and artificial intelligence – Automation, generally, means that machines take care of menial tasks while people are freed to focus on more strategic aspects. That being said, menial does not mean less important. In the case of cybersecurity, it is vital, and this is why it will likely be the top cybersecurity trend of 2023.
Tools such as Microsoft Sentinel use automation and AI to ensure that the labour-intensive and mundane task of cybersecurity is taken care of. It allows IT managers or security consultants to set up alerts so that threats are easily detected, investigated and remediated – immediately. By way of example, Sentinel will pick up incoming emails with malicious intent and remove them before they even land in the inbox of a vulnerable employee. Its immediacy is important as a threat must be stopped because it takes an instant to enter the business and move laterally and cause damage.
This saves the IT manager or security consultant from mailing thousands of employees about potentially dangerous links and frees them to spend time researching current and evolving threats and building forward-looking security strategies.
It is clear that cybersecurity will likely always be a hot topic, and that humans, either through a shortage of ongoing training or in a moment of a dropping in their guard, have the potential to open doors for criminals. That being said, well-designed systems, ongoing reviews and training, and automation in the form of specialised tools such as Microsoft Sentinel that leverage AI, will go a long way to keeping organisations’ systems safe. However, there is no space for complacency, as security is an ongoing exercise.
This is where working with an expert partner makes sense. A specialised consultant will take a business’s hand and guide it through each step of its digital transformation journey. Each journey is different, and so a customer would do well to find a consultant that takes the time to get to know the business and understand its needs, and then develop solutions and processes that keep it safe as it goes about its business.