The rise of cyberattacks
Cyberattacks have become a pandemic of their own globally. In 2021, the number of breaches recorded was the highest it had ever been, increasing by 68%. According to the 2021 Breach Report released by the Identity Theft Resource Center, in the United States in the year 2020, there were 1682 data breaches. Among these, phishing/smishing/BEC attacks, ransomware attacks, and malware were reported as the three highest attack vectors for the last three years (2019, 2020, 2021).
Globally, Statista recorded that in the first quarter of 2022, internet users saw approximately 18 million data breaches. However, this issue has been ongoing. For countries in the Association of Southeast Asian Nations, ransomware has continued to be a severe threat. Research by Kaspersky found that in the Southeast Asia region, in the first three quarters of 2020, there were 2.7 million ransomware detections, with Indonesia (1,308,371), Vietnam (886,874), Thailand (192,652), Philippines (137,366), and Malaysia (136,636) occupying the top spots. These trends have continued through 2021 and into 2022.
Unfortunately for companies, with the rise in the number of cyberattacks comes a rise in what breaches cost them. According to IBM, as of 2022, the average cost of a data breach is $4.35 million, an amount that has increased by 2.6% since 2021, when it was $4.24 million. Furthermore, only two years before, in 2020, the cost was $3.86 million, reflecting an overall 12.7% increase in less than three years.
Individuals all across the world are also under direct attack by cybercriminals. In 2020, Statista completed a survey in which people from over 30 countries across every continent were asked what they believed the likelihood of them being hacked was. A third of respondents thought at least one of their online accounts (e.g., email, social media, banking) would be hacked into in 2021. Of course, companies with strong cyber security structures provide the benefit of data protection to their customers.
Hybrid and remote work culture reshaping the future
Remote and hybrid work are not new, but in the last few years, we’ve seen a staggering rise in their rates. Covid-19 forced enterprises to adapt, and for many, there was no way to move forward with operations without finding a way to make them accessible to staff and consumers remotely. This has continued to make companies vulnerable as staff work from home or in public workspaces where the network is not secure.
Executive board members for enterprises must recognize this trend and treat it as an opportunity to reshape their cyber security solutions to meet the demands of the new ways of work.
Cybersecurity framework & questions for executive board members
What this information indicates is that now more than ever, cybersecurity frameworks are essential to data protection. Cybersecurity frameworks measure the standard of a cybersecurity structure, outlining its weaknesses, risks, and effectiveness, and give organizations opportunities to improve where they fall short by holding themselves to the standards of a particular framework. Some of the prominent cybersecurity frameworks include:
- NIST Cybersecurity Framework: This NIST framework was established to encourage collaboration between the general public and private companies in detecting, managing, and mitigating cyber threats.
- ISO 27001 and ISO 27002: These frameworks are guided by a certification that validates the standard of a cybersecurity solution or program. Where ISO 27001 focuses on several factors of the foundation of cybersecurity compliance requirements, ISO 27002 focuses specifically on the security controls being used.
- SOC 2 Compliance: System and Organization Controls (SOC) was developed by the American Institute of CPAs and exists as a guideline for how corporations should manage client data. A SOC 2 certificate rates the reliability of the solutions used to manage and protect customer data. The criteria used to determine the reliability are the fulfillment of the following five Trust Services: security, availability, processing integrity, confidentiality, and privacy.
Executive board members must ensure that their information security is well-protected by delegating responsibility and making sure that there is a standard to be maintained according to their chosen framework. According to the Harvard Business Review, the seven questions that need to be asked by executive board members are:
- What are our most important assets and how are we protecting them?
- What are the layers of protection we have put in place?
- How do we know if we’ve been breached? How do we detect a breach?
- What are our response plans in the event of an incident?
- What is the board’s role in the event of an incident?
- What are our business recovery plans in the event of a cyber incident?
- Is our cybersecurity investment enough?
By asking these questions, executive board members can collectively shape a security framework that they can then compare against certification requirements.
Gartner on Enterprise Cybersecurity
Gartner categorizes the solutions required for enterprise cybersecurity controls and cyber defense according to their IT and information system control areas:
- Network and perimeter security: A network perimeter demarcates the boundary between an organization’s intranet and the external or public-facing internet. Vulnerabilities create the risk that attackers can use the internet to attack resources connected to it.
- Endpoint security: Endpoints are network-connected devices, such as laptops, mobile phones, and servers. Endpoint security protects these assets and, by extension, data, information, or assets connected to these assets from malicious actors or campaigns.
- Application security: Application security protects data or code within applications, both cloud-based and traditional, before and after applications are deployed.
- Data security: Comprises the processes and associated tools that protect sensitive information assets, either in transit or at rest. Data security methods include encryption, ensuring sensitive data is erased, and creating data backups.
- Identity and access management (IAM): IAM enables the right individuals to access the right resources at the right times for the right reasons.
- Zero trust architecture: Zero trust architecture removes implicit trust (“This user is inside my security perimeter”) and replaces it with adaptive, explicit trust (“This user is authenticated with multi-factor authentication from a corporate laptop with a functioning security suite”).
Our final thoughts for executive board members
All of the issues and criteria above serve as guidelines for enterprises and their respective executive board members to use in order to understand the risks that cyber threats pose, and the protection and management cybersecurity provides. Partnering with a vendor of enterprise cyber security solutions lessens the weight not only on executive board members but also on CIOs and their teams.
Sangfor’s main security solutions and services help enterprises manage their cybersecurity risk.
- Cyber Command – Network Detection and Response (NDR): Sangfor NDR is designed to detect and respond to threats by monitoring all traffic on an enterprise’s network, not just North-South traffic, but East-West traffic as well. Detection is immediate, and responses are automated to kill threats as they are found and patch up threat entryways after removal and tracing.
- Next-Generation Firewall: Sangfor’s Network Secure is the first AI-enabled NGFW+WAF firewall and inspects traffic not only on networks but also on applications, using the specially designed Web Application Firewall.
- SASE Sangfor Access: Sangfor SASE uses a cloud-based platform to manage business operations between in-office and remote environments. This solution allows businesses to accommodate advanced working situations without compromising security.
- Cyber Guardian – Managed Detection and Response Services: Cyber threats keep growing more refined, and for many enterprises, there is a gap between their business missions and their ability to defend themselves against cyber threats. Sangfor Cyber Guardian bridges that gap by managing enterprise security operations. For companies with existing security teams, Sangfor supports them in managing security around the clock with security experts at their disposal.
Gartner Ratings
Gartner has placed Sangfor Technologies amongst its recommended Network Detection and Response and Network Firewalls vendors. These reviews are based on true ratings by customers of Sangfor.
On Sangfor Cyber Command (NDR)
Cyber Command is a very unique NDR product. Besides the traditional network detection and response capability, it also has a mini SIEM module embedded to collect the logs from 3rd party products and monitor the operation status of other network devices via SNMP. These special functions are far beyond our expectation.
Cyber Command is a great tool for guarding our cyber network. It has powerful and comprehensive detection capabilities that can show potential threats and the amount of traffic of a variety of applications. In addition, around 2 months ago, we used this product for threat hunting, and it helped us uncover the lateral movements from one client host to another financial server.
On Sangfor Next-Generation Firewall
Overall, the product is working very well so far in terms of filtering and network application inspection traffic for threats. [It is also good for] securing the network environment and reporting the network threats.
Overall usability is good. Easy to use, hassle-free. Performance is good.