Despite widespread media coverage of damaging cyberattacks that occur on a seemingly daily basis , many organizations are yet to take the steps required to secure their IT infrastructures . In many instances , the attitude of ‘ it can ’ t happen to me ’ means investments are not made or tools put in place that could lower risks and ensure damages are reduced should an event occur . Often , these organizations don ’ t change this stance until they actually fall victim to an attack . the decision to deploy has been made , an organization is likely to be faced with a requirement to make a significant up-front investment .

Taking a proactive approach

To reduce the likelihood of falling victim to a cyberattack , an organization should undertake a proactive strategy that puts required tools in place and educates staff about the risks being faced .

This attitude is particularly troubling when you consider the current level of cyberthreats that exist . According to the recent WatchGuard Q4 2020 Internet Security report , more than 60 % of malicious files are zero-day malware . This means these files can ’ t be detected by signature-based protections and could remain within an infrastructure for an extended period .

The report also found that , although the number of unique ransomware payloads dropped by almost half during 2020 , the malware that is spreading is much more sophisticated .

Concerningly , cryptominers are back on the rise , following a lull in 2019 . Research has found unique variants have climbed more than 25 % year-on-year and reached 850 types during 2020 .

As well as causing significant disruption to business operations , a successful cyberattack can damage an organization in other ways . Media coverage of the incident can inflict brand damage and discourage customers from transacting . If sensitive data is lost , there could also be regulatory consequences . Leaving the deployment of a security infrastructure until an attack has occurred can be costly in other ways . Once

In this way , the need for a large one-off investment is removed as costs can be incurred over time . There will also be more opportunity to carefully consider alternatives and implement those which are the best fit for operations .

Being proactive also ensures that the organization is best prepared when new threats emerge . Working with their chosen security vendor , it ’ s possible to quickly augment existing protective measures and ensure they can withstand new styles of attack .

Above all , an organization should clearly communicate to all its staff that IT security is not something that is the sole responsibility of the IT department .

Each and every staff member needs to understand they also have to be on the lookout for threats and avoid activities or behaviors that might increase the chance of an attack succeeding .

Continuing to underestimate the level of damage that cyberthreats can cause is short sighted and could caused significant damage . Taking steps now to put in place suitable layers of protection could help to avoid this damage in the future .

www . intelligentcio . com INTELLIGENTCIO APAC 33

Intelligent CIO APAC Issue 11 | Page 33