3 KEY BUSINESS AREAS CYBERSECURITY FALLS SHORT

Putting your finger on exactly what drives business success is impossible because success is driven by a combination of factors. However, there is one thing that can compromise business resilience and your trajectory--cyber risk. Here are three key areas that drive business success and are at risk without an approach to network security that is designed for modern networks and operating models. 1. Innovation According to the most recent numbers available from the National Science Board, on a global basis, the U.S. leads in research and development with U.S. businesses spending over $608 billion on innovation in 2021--a 12 percent increase from the prior year. And these investments pay off. The top 50 companies in BCG's 2023 Most Innovative Companies report outperform on shareholder return by 3.3 percent per year. However, these days work environments are so diverse and dispersed that R&D teams are working on different clouds or even on-premises. Collaborating via any configuration in the modern network makes it particularly challenging to ensure only the people who are supposed to be working on an R&D project are in fact on the R&D project. This lack of visibility can put your intellectual property and trade secrets at risk. 2. Third-party ecosystem The average organization does business with 11 third parties and each of those third parties has a pathway into your organization--whether through technology integrations or supply chain processes or access into your environment as part of a service they deliver to the business. To mitigate exposure to risk from your third-party ecosystem, verifying that your suppliers have achieved SOC 2 compliance and have implemented a supply chain integrity process and a notification process if their supply chains are compromised are great places to start. Even still, 98 percent of companies do business with at least one third-party partner who has been breached. From a compliance, security, legal, and procurement perspective there are many reasons for concern. 3. Customer relationships The movement to meet customers where they are emerged nearly 15 years ago and now, depending on your industry, customers may expect to connect with you online, virtually, and through social media channels, in addition to in-person, phone, and email. Digital strategies are mostly cloud-based which means you are working with your cloud service providers and technology vendors to enable these services. Still, you are responsibile for protecting the data that flows through these channels and wherever it is stored, which can be overwhelming, particularly in today's multi-cloud environments. Think about cybersecurity differently The traditional approach to network security has been to focus on securing the network as well as possible and then detecting particular, known attacks. But there should never be a quantifiable threat coming from any of these vectors. It's how we collaborate in R&D or interoperate with partners and customers that can create opportunities for compromise. Beyond the known threats to every network, some activities should never occur and the ability to detect the behaviors that are known to be operationally out of bounds is incredibly powerful. Unfortunately, most organizations cannot detect that activity. When users, applications, data, and devices are spread across your multi-cloud and on-premises environment, how do you know what you've got, what it's doing, and what's happening to it? You need comprehensive visibility of all the participants across your environment and the ability to apply policies to enforce behavior that is normal or expected and alert you to activity that is not compliant. For example, when it comes to innovation, there's always the risk of IP being stolen and exfiltrated. R&D teams need to be segmented off from the rest of the organization using zero trust best practices of both identity-based access control and network segmentation to keep unauthorized users from accessing what's being worked on. These same best practices are also essential to have in place to mitigate risk from your third-party ecosystem or your customer-facing touchpoints. And since cloud misconfiguration issues are a major cause of data security breaches, it's also important to validate that your cloud infrastructure is configured and running properly. Rethinking network security to focus on comprehensive real-time observability of the activities of the users, applications, data, and devices across the entire multi-cloud and hybrid environment lets us see when things go awry. We can detect signs of abuse, misuse, or compromise to build resilience and continue on a trajectory to business success. EXPERT OPINION BY MARTIN ROESCH, CEO, NETOGRAPHY @MROESCH