
The internet is increasingly becoming a threat to companies due to cybercriminals. Not a week goes by without a well-known medium-sized business or corporation being attacked and harmed. A rethink and proactive action are required when dealing with this threat. What matters most?
Cloud and friends
Cloud, Software-as-a-Service, work-from-home, bring-your-own-device, and naive users open up unimagined possibilities for criminals. Stolen trade secrets can be sold to competitors at a high price, ransom can be extorted for crippled core systems, or undesirable business activities can be torpedoed and lastingly damaged. Geopolitical conflicts are being fought not only militarily but also digitally. If a supplier's home country is on the wrong side of a conflict, the company itself, because it maintains a business relationship with that side, quickly becomes a target and is indirectly drawn into the conflict: digital warfare.
Due to its financially strong companies, technology-heavy economy, and peace-loving population, Germany is predestined for these invisible attacks. The understanding of preventive security measures has faded into the background over the last 30 years since the collapse of the Iron Curtain. People have become accustomed to peaceful trade with the world. Self-protection or self-defense felt unnecessary.
Loss of control
However, the technical opening of corporate infrastructure now forces a rethink. Salesforce, ServiceNow, Microsoft 365, Workday, SAP S/4HANA, AWS, Azure, Google Cloud, or even AI applications like ChatGPT unintentionally punch holes in the previous protection provided by firewalls, virus scanners, and VPNs. A paradigm shift is necessary if you want to be protected. Infrastructure can no longer be seen as the necessary prerequisite for cybersecurity, as a company is no longer in control of it. Applications run everywhere, and data resides everywhere. Cloud and Software-as-a-Service are ubiquitous, essentially "homeless." The cloud world is complex.
Data gold in the vault
Consequently, our protection efforts must be precisely aligned with this new reality: Company data must be secure and protected. Its use must be controlled and directed so that misuse and breach of trust are avoided. The infrastructure itself can no longer be the measure of all things. The focus has changed.
An effective security architecture includes the following cornerstones, which are hidden behind these new abbreviations and names. We will name a few providers for illustration:
- Identity and Access Management (IAM) - Protection against identity theft (e.g., Okta, PingID)
- Secure Web Gateway (SWG) - Protection against malware, phishing, and espionage (e.g., Netskope, Palo Alto, Fortinet)
- Cloud Access Security Broker (CASB) - Protection against unauthorized access to cloud applications and SaaS services (e.g., Netskope, Zscaler)
- Data Loss Prevention (DLP) - Protection against unauthorized theft or use of data (e.g., Netskope, Forcepoint)
- Extended Detection and Response (XDR) - Protection against all types of attacks on endpoints and services (e.g., CrowdStrike, SentinelOne)
These five components, to which others such as Cloud Security Posture Management (CSPM) for APIs and containerized or serverless applications can be added if necessary, should be connected via automated orchestration so that the management of this solution is reduced to a minimum. An attack happens quickly, so action must be taken immediately. This is best done (actually exclusively) in an automated way: Security Orchestration, Automation, and Response (SOAR) is the appropriate term for this.
Success patterns
These system components are flanked by architectural principles such as Zero Trust Network Access (ZTNA) or Security Service Edge (SSE). Every access and every action is checked, authorized, and logged, because the "enemy" on the World Wide Web can hide behind any "mask", even that of an employee or service provider. Security Information and Event Management (SIEM) solutions make anomalies and attacks transparent and provide indicators for appropriate measures.
Of course, existing security systems such as firewalls, antivirus solutions, or VPNs are integrated. Not everything needs to be replaced. However, it is essential to be clear about the protection requirements of your data and applications in order to subsequently implement a custom-fit security architecture with effectively harmonizing components. Otherwise, you are just spending money.
Automated defense
If you automate the orchestration of these components and the response measures, business leaders and employees can go about their work with peace of mind, without having to worry about the countless media reports about extortion, hacking, and destruction by cybercriminals. In addition, personnel deployment and costs remain manageable.
If you ignore this danger according to the motto "it won't happen to me," you should have good liability insurance (D&O) and have set aside sufficient provisions for the event of damage. Because: It is not a question of if a hacker will knock on someone's door. It is only a question of when, with what success, and with what consequences.
Do not let it come to that. The effort and costs are manageable and worth it; furthermore, not everything has to happen at once. Or do you leave the house without locking the door?






