Organizations are facing the consequences of not properly securing their digital acceleration, but what can be done to mitigate cybersecurity debt?
Businesses in the UK have faced – to put it mildly – unprecedented challenges over the past two years, both in severity and variety. Not only have the pandemic and Brexit combined to force them to rapidly pivot in how and where they operate, but the threat landscape has become even more testing. Vulnerabilities have been highlighted in recent years by digital supply chain breaches such as the SolarWinds attack along with other major attacks such as Codecov and Kaseya, which ripped through software supply chains in frightening succession, causing huge disruption globally by exploiting weak links in code. In fact, CyberArk research found that, over the past year, 70% of organizations have experienced ransomware (opens in new tab) attacks, with an average of two per company, while 71% suffered a software supply chain attack that resulted in data loss or a compromise of assets. Even so, shockingly 62% of organizations have done nothing to secure their software supply chain since these headline-making attacks, with 64% admitting that if a supplier was compromised, they wouldn’t be able to stop an attack on their own organization. This is a pressing issue because, instead of addressing these vulnerabilities, investing in security has taken a back seat in favor of prioritizing digital initiatives to support competitiveness and growth. Many of these digital initiatives have been a necessary response to the health and trading environment. Businesses have had to pivot quickly to the cloud, prioritize enabling remote and hybrid working (opens in new tab) and accelerate the introduction of new digital services for customers. Understandably, the boardroom’s focus has been on agility, resilience, profitability and survival. But it’s important to be aware that every major IT initiative results in the growth in digital interactions between people, applications (opens in new tab) and processes.
