In December 2020, Gunbrig Security CEO Dima Zodek (member company of DeepDive Technology Group) made a bold prediction that 2021 would be “the biggest year for cyber security ever.” He predicted that we’d experience the biggest boom for cyber security spending, the worst year for global cyber attacks, and the greatest shortage of cyber security experts. Although he was right, he also thinks 2022 will be “even bigger.”
The Backdoor Has Been Opened
Our way of work is changing almost daily. Some have come back to the office, while others remain at home. Remote work is STILL the hot-topic. And protecting the remote workspace is still the single most important thing that must be done. We do see a TON of issues with malicious attacks on the remote workspace, which is now accepted as the weakest point-of-entry into the enterprise. A backdoor into the enterprise has been opened.
Enterprises basically jumped from 1 corporate office to 3,000 less secure offices overnight with the work-from-home revolution.
Using home computers
Using work computers, at home
Home IT infrastructure is cracked
WI-FI routers at home have weak security features at-best
New Technologies, New Problems
Technology changes in the enterprise only add to the problem. Cloud technology is a perfect example. Cloud is still a relatively unknown area in the enterprise because many have never touched or studied it prior to COVID. Cloud providers make it SO easy to deploy cloud infrastructure with very little working knowledge of it. And like any other emerging technology, the last thing that people think of is security. Speed-to-market is prioritized over security.
“For enterprises deploying Cloud without considering cyber security measures, means sending invitations to hackers to come join the party… without realizing the invitations were sent”
Dima Zodek, CEO @ Gunbrig Security,
-DeepDive Technology Group member company
Beyond remote-work and emerging technology, the last five YEARS have really been “a hacker paradise.” We see more & more advanced attacks on huge organizations stealing billions of dollars; many events not published publicly. Damages to organizations breached include financial damages, information damages, and costly operational downtime. Let’s keep in mind that even the smallest breach for the organization can create a massive reputation loss as well.
Nothing’s 100% Protected
The reasonable question is: what percent of organizations are completely secure?
The answer is: none.
This message applies to every enterprise out there. Even if an enterprise is air-gapped, as long as we have people working, from a social engineering perspective, nothing is actually air-gapped. As long as an employee can work on one side of the wall, and move to the other, no security measures, regardless of how technically sound, are “completely secure.”
It’s a tough time for IT managers right now. Working with the same, or fewer resources, responsible for securing more employees in more geographies in remote-work settings.
How should we secure higher-ranking employees? What additional efforts should go into securing their information, considering they’ll be more likely targets of malicious cyber attacks.
If an American company is hiring German employees, what should they do? How do we protect them? How do we secure business with all the files employees download and share?
There’s a lot of questions. And the only answer is to never stop working on improving your cyber security, promote a culture of proper identity management and securing your employee’s communication channels regardless of where or how they operate.
In cybersecurity there’s no “if,” only “when.” So when the time comes, perhaps you’ll be ready.
No enterprise organization is completely safe.
Should enterprises panic? Certainly not.
Should enterprises be far more proactive…especially considering the shift towards cloud technologies, remote work conditions, and the growing frequency of headline news-worthy cyber security breaches? Absolutely.
There’s lots that can be done. And it’s officially time to get to work!
You have to be prepared. And preparation means doing things to reduce the risk of being compromised in the first place. “If” and “when” your enterprise is compromised, ensuring that you & your business departments are best-prepared to handle the disruption with minimal losses, downtime, or reputation-hits is the name of the game for today’s successful modern enterprise.
From a cyber security perspective, 2022 is going to make 2021 look like a walk-in-the-park…
Thanks to Dima Zodek, for his ongoing thought-leadership on the topic of enterprise cyber security.
Dima Zodek, CEO @ Gunbrig Security, DeepDive Technology Group