Cyber security: Are businesses becoming too complex to secure?
By Joel Dandrea, 04 February 2022
As construction and transport companies lean into more hi-tech, digital internal processes and systems, the threat of a cyber breach, especially from third-party relationships and software supply chains, remains ever-present.
As an organisation’s system interdependencies grow more complex and digital connections multiply, so too does the risk of said breach. Attackers are on the hunt for vulnerabilities in networks all the time, and we need look no further than 2021, which was one of the worst years on record for cybersecurity.
One question that has repeatedly emerged asks: are businesses simply becoming too complex to secure? While the answer to that question remains fluid both now and in the future, one possible solution – albeit not the only one – has also emerged, and that involves simplification.
While not all technology can be simplified, leaders play a crucial role in identifying and working with their team(s) to implement simplification as consciously and deliberately as possible whenever the opportunity is available.
Expanding on these roles, recent studies have found that business leaders often think they’re more involved in, and/or supportive of, setting and achieving cyber goals than they actually are. In fact, surveys often reveal that CEOs are likely to start getting more intimately involved in cyber and privacy issues only after a compliance review, a metrics report or a breach has occurred.
Given that leaders are likely involved in cultivating company culture, their absence with regard to cybersecurity (until there’s a problem) can create a disconnect or even a sense of imbalance. Thus, within any company the CEO, together with the board, must maintain an understanding of the risks and assume ultimate accountability and responsibility for cybersecurity activities and personnel.
Again, however, many within your organisation may speculate: are we too complex to secure? Understandably, within an overly complex organisation, it’s easy for the left hand not to know what the right hand is doing – and the consequences for cybersecurity and privacy can be dire.
Around 75 per cent of C-suite leaders believe their companies are too complex, sometimes unnecessarily so, and it weighs on them.
Dare to subtract
Obviously, complexity isn’t a bad thing, in and of itself. As a business grows, it’s often a normal by-product – and more people, services and products almost always require more technology. But the associated risks can easily go unnoticed or ignored, until an attack occurs.
To be fair, simplifying cybersecurity can be challenging, but certainly not impossible. One thing to consider is the cloud. Moving to the cloud can help simplify business processes and IT architecture, provide flexibility and accelerate innovation. Done right, cloud transformations can be secure, efficient and successful – and most leaders around the world consider it a top security investment.
In addition, deploying two-factor authentication and putting your remote desktop protocol (RDP) behind the firewall can vastly reduce the risks from phishing, which remains a popular tactic, both by itself and in tandem with malware and ransomware attacks.
That said, include the CISO (chief information security officer) and security teams early in cloud migration and adoption, mergers and acquisitions and other organisational initiatives. That way, every executive at the helm of a major business initiative will be able to readily answer the cyber-plan question.
Finally, dare to subtract. Left on their own, technology and data tend to multiply, divide and conquer efficiency and security. Whittle down excess with security goals in mind: assess your data stores and eliminate everything you don’t need now; move your disparate apps and solutions into a cloud environment for easier management; and consolidate, liquidate and automate where you can.