Redefining enterprise security boundaries in 2021

by Allan Tan
January 12, 2021
Image from Pexels

For years, information security professionals and analysts have been prescribing the concept of securing the perimeter using a layered defence-in-depth strategy. This has produced complex, multi-faceted security strategies, and it has also seen organisations pour millions into the effort.

But even into 2020, media and security researchers continue to reveal vulnerability exploits that have spawned breaches, distrust and continuing questions on whether current cybersecurity strategies are relevant for the times.

What is the right approach to securing the enterprise?

In the SANS Institute paper, Defense in Depth: An Impractical Strategy for a Cyber World, author and security specialist Prescott Small writes that the way Defense in Depth is practised today renders the organization more vulnerable. He advocates a shift in attitudes and thinking to address the risks faced more effectively.

FutureCIO spoke to Dmitry Volkov, co-founder, CTO and head of Threat Intelligence, Group-IB, for his take on the state of cybersecurity in 2021.

Is cybersecurity a C-Suite concern?

Dmitry Volkov: Definitely, yes. Without the understanding of relevant cyber risks an organisation is facing and the support at the top level, it is impossible to create and put an effective cybersecurity strategy into practice. Companies that take cybersecurity seriously generally have dedicated cybersecurity committees that involve the C-Suite. Having such committees allows potential cybersecurity issues to be solved quickly. An understanding of relevant cyber threats and risks, including among the C-Suite, is key to developing a proper, strategic cybersecurity plan.

Do we have a strategic view of the risks we face now? And what are the key risks today? What emerging threats should we be most concerned about in our industry?

Dmitry Volkov: The threat landscape and cyber risks vary by region, industry, and other factors. If you are an eCommerce company in Singapore, for example, then buying a solution for protection of Operational Technology (OT) networks wouldn’t be a wise investment. Every company needs to have its own risk map.

In general, dominant worldwide risks – as outlined in our annual Hi-Tech Crime Trends report 20/21 – include a growing number of sabotage attacks on critical infrastructure facilities aimed at disruption and destruction, as well as the greater risk of espionage attacks on government organizations. Financial services and eCommerce companies are increasingly suffering from relatively simple credential stuffing and social engineering attacks.

Furthermore, ransomware has become a concern for all, with neither private sector companies nor government agencies being immune to the ransomware plague. Late 2019 and 2020 have been marked by an unprecedented surge in attacks: over H2 2019-H1 2020, more than 500 successful ransomware attacks in more than 45 countries were reported.

On a technology level, I would say the main ones are the risks associated with the wider deployment of 5G which will connect a large number of devices to global networks, as well as firmware and hardware vulnerabilities that most of the existing security solutions cannot protect from properly.

Are we spending too much or too little for our online security?

Dmitry Volkov: There are thousands of IT businesses in the world now and competition forces these firms to release their products on the market as soon as possible. Under these circumstances, generally little attention is paid to cybersecurity. The paradox is that, despite the cost of cyberattacks skyrocketing over the past few years, companies of all sizes continue to neglect the very basics of cybersecurity. This leads to serious cyber incidents and sometimes the collapse of businesses.

In 2020, no company can afford to ignore cybersecurity. No one is immune. So this is not about spending too much or too little. It’s about wise investments into protection against threats relevant to your organization, depending on its size, location, and industry.

We are inevitably moving towards a near-ubiquitous software-defined everything future. How should information security practices, frameworks, policies be reviewed (re-assessed) to mitigate against cyber risk, one that is software-native?

Dmitry Volkov: Humans are the weakest link in cybersecurity. So, it’s dangerous to shift responsibility for cybersecurity to people. Using strong passwords, changing them constantly, and staying vigilant is important for sure, but it alone can’t save your company from cyberattacks.

Cybersecurity shouldn’t be in the hands of users but in the hands of those who provide users with various services and process their data. It’s their responsibility to ensure data integrity and safety by putting in place advanced threat hunting and intelligence solutions that allow them to detect targeted attacks and monitor for leaked credentials.

Are telcos, regulators and enterprises missing anything when it comes to 5G and cybersecurity?

Dmitry Volkov: This is what we will see in the near future. 5G networks will connect a large number of devices to global networks, including those belonging to energy and industrial enterprises. As a result, the attack surface will increase dramatically.

Wider 5G integration significantly increases the capabilities of cybercriminals to carry out DDoS attacks, manipulate traffic, spread malware, etc. Hardware and firmware backdoors in 5G infrastructure equipment are other points of concern.

While 5G is being actively implemented, it’s important to discuss associated potential threats and ways to address them.

As CIO/CISOs re-evaluate their cybersecurity strategy for 2021, what questions should they be asking themselves, business leaders, and external security vendors?

Dmitry Volkov: An effective cybersecurity strategy is one that is based on relevant threats and risk to a business, but not only to the company itself. The most recent developments in the cyber threat landscape illustrate that a cybersecurity defence shouldn’t just be limited to the perimeters of a business as threats can come from multiple sources (your software supplier, for example).

CIOs and CISOs should therefore be asking themselves the following question as they re-evaluate their cybersecurity strategies for 2021: who poses a threat to my company, to my partners and my clients?
