Recent cyberattacks – such as the major ransomware incident affecting the Colonial Pipeline in the US – have shown that organisations still have a lot to do to sufficiently prepare themselves for threats. However, software development expert STX Next – in partnership with Aleksander Czarnowski of cyber expert AVETINS – believes that cybersecurity is coming to be viewed in the same manner as the seat belt: after years of apathy and neglect, its importance is now much more widely recognised. As a result, it is becoming a critical element of organisational strategy.
There are plenty of statistics that underline how businesses remain unprepared for cyberthreats in many areas. Research by Varonis found that only 5% of companies’ folders are adequately protected against external threats, while a 2020 survey by STX Next discovered that only 20% of organisations have a dedicated cybersecurity team in place.
Despite the work to be done, STX Next CEO, Maciej Dziergwa, believes there is plenty of cause for optimism.
He said: “New cyber threats seem to emerge every day, while the methods used by hackers to compromise data become more sophisticated with each successful attack. Despite the obvious dangers, there are encouraging signs that cyber is being taken much more seriously than it used to be. This shift in attitudes is welcome, and is something we believe will be permanent in the ongoing battle against cybercrime.”
Aleksander Czarnowski added said: “When seat belts were first introduced in cars in the late 1940s and early 1950s, they were met with considerable opposition by the public. Over the proceeding decades, opinion changed and now a car journey wouldn’t be complete without them. Views on cybersecurity are evolving in a very similar way.
“The pandemic has led to a much greater reliance on technology, which in turn has helped build an enhanced general awareness of cyberthreats and how to combat them. Ransomware has also entered mainstream public discourse as one of the most pressing dangers to businesses and government institutions. The result is that cyber has risen up the corporate agenda at organisations across all industries, which bodes well for the future.”
According to Czarnowski , there are a number of next steps for businesses to take in order to back up their interest in cybersecurity with real action.
Czarnowski said: “A first area to look at are your privacy policies. These should be examined and stress-tested to ensure they meet the demands of the modern threat landscape, and renewed or refreshed where applicable. Employees should be made fully aware of these new policies, and given comprehensive training to help them recognise threats (such as malicious emails or attachments) so they can learn how to avoid them.
“It’s also crucial to integrate privacy by design into all elements of the software development process. This should include imposing strict measures to govern coding practices, such as static analysis, better and more frequent testing, and banning the use of insecure API functions. This meticulous focus on security should also stretch to the organisation’s software stack, which includes taking steps to build secure applications and containers.”
He concluded: “Speed and flexibility are of the essence when it comes to cybersecurity. Bear in mind that something that’s considered secure today won’t be secure tomorrow, so businesses need to be on their toes at all times. If the required work is done now, cyber’s status as the new seat belt will be assured.”