Why and where to invest in cybersecurity: A guide
09 August 2023
Here, a cybersecurity expert outlines the current cybersecurity trends and recommends the steps that businesses can take to protect themselves from attacks.
According to NordLayer’s cybersecurity research data, most cyberattacks in the UK start with phishing (43 percent) and malware (31 percent). Ransomware, one of the most menacing recent threats, appears in last place (16 percent).
In addition, organisations of various sizes are not immune to cyberattacks. For example, last year, 92 percent of large companies experienced a cyberattack at least once, while medium-sized ones – 85 percent and 58 percent of small organisations were affected.
To make matters worse, the average cost of a data breach is higher than ever before, making cyberattacks a bigger financial burden. Considering all this, businesses nowadays can hardly exist without sufficient cybersecurity investments.
What is the need for a cybersecurity budget?
According to Statista, global spending on information security is expected to increase between 2017 and 2024. However, over 70 percent of businesses estimate they wasted 25 to 100 percent of their cybersecurity investment.
Therefore, even if cybersecurity investment keeps on increasing, expediency is still low.
Our research shows that in the UK, the most prominent cyberattacks from last year were phishing (43 percent), malware (31 percent), and data breaches (26 percent). The trends aren’t favourable either because the UK is the 6th country globally regarding the cost of a data breach. This year, the average cost is $4.21 million.
The elements of a good cybersecurity
Carlos Salas, a cybersecurity expert and Head of Platform Engineering at NordLayer, shares the most important steps on where to start when creating investments:
• Firewalls. If an organisation relies on a network, a firewall is a must because it monitors and controls network traffic. Acting as a barrier between the internet and/or other untrusted networks and your private network, it's the first defence against malicious connections based on predefined rules.
• Solutions. Organisations can protect themselves against cyberattacks by purchasing cybersecurity hardware or software solutions, which integrate into infrastructure, providing access to firewalls, antivirus, access control mechanisms, and intrusion detection systems. These technologies work together to halt or mitigate cyberattacks. This is the first choice of UK decision-makers, and 66 percent of them plan to invest in solutions in 2023.
• Training. The cybersecurity landscape is constantly changing. Therefore, employees' skills and knowledge need to be periodically refreshed. Cybersecurity training and certifications ensure that employees know the best practices for protecting this information and can identify potential threats. Usually, they are the first target of almost all cyberattacks. This is also the second most popular investment among Britons, with 57 percent of organisations investing in that.”
Analyse the background of your company
Salas agrees that cybersecurity solutions cannot start without a careful investigation of your business: “Firstly, acknowledge the change in the cybersecurity landscape, and be aware of cybersecurity challenges and the vulnerability of your business to cyber threats. Malicious actors look for security gaps to exploit zero-day vulnerabilities.”
As various pieces of research show, size, and brand awareness are not factors in determining when and how threat actors will target a business – luck is.
Salas adds: “Also, make sure to assess business-affecting risks. Some industries have more red flags than others due to the nature of the data they process. The exposure to cyber threats can vary depending on the type of service or product the organisation provides.
Lastly, have a concrete plan for a cybersecurity strategy. It should have concrete processes, as well as clearly state what tools and solutions are used, have continuous employee security training, dedicate staff or consultants, and always have backup plans for different threat scenarios.”