From not neglecting the human element to prioritizing Internet of Behavior strategies, here are tactics for security leaders to stay vigilant.

With the spectacular innovation of cybersecurity threats of 2021 behind us, with more looming ahead in the months ahead, it will be more vital than ever for organizations to take a proactive stance at protecting themselves from these risks.

Here are the six measures to take in response to the cybersecurity threats heading our way:

  1. Leverage human-AI collaboration
    Through analyzing patterns, preventing repeated attacks and responding to changing malware behavior patterns, AI is empowering greater proactivity in preventing threats and responding to real-time attacks. It also reduces time and resources spent by organizations in managing these threats.

    But at the same time, organizations need to be aware that it will not be the panacea. AI solutions can augment analyst output, but will not entirely replace it. As cyber threats advance, detecting new types of attacks and handling more complex incidents will require human smarts, critical and creative thinking, and teamwork.

    This means emphasizing greater human-AI collaboration, where human analysts connect and correlate data from the AI output, streamline processes and generate actionable insights to strengthen their cybersecurity posture.
  2. Prioritize data privacy and data protection
    Nowadays, more consumers will take their business elsewhere if they do not trust that an organization is handling their data responsibly.

    Against this backdrop, place greater priorities on data governance policies and measures to manage data, and communicating this commitment to protecting customer data beyond just statutory compliance regulations.

    Additionally, having well-established data protection measures will protect intellectual property and preserve that competitive edge.
  3. Capitalize on the Internet of Behavior for cybersecurity intelligence
    Just as IoT gathers and analyzes data from the multitudes of connected devices, the Internet of Behaviour (IoB) attempts to synthesize data from users’ online activities from a behavioral perspective.

    While IoB is used in the retail industry for e-commerce players to tailor go-to-market plans, there is a strong case for its use in cybersecurity.

    The IoB data of every individual consumer can help security teams detect unauthorized activities by hackers, enabling security protocols to be activated at the earliest point of entry.

    By capturing more dynamic aspects of a user’s digital identity—such as typing rhythm, mouse movement, geolocation, type of device used, the usual pages and links accessed, and even walking speed, organizations will be able to detect non-conformal use or suspicious activities in an account, prompting IT and security teams to investigate further.
  4. Make every staff a stakeholder of cybersecurity
    Instead of going after organizations built like an impenetrable fortress, threat actors are finding alternative entry points via the weakest link: the increasingly distributed workforce.

    The rising popularity of Bring-Your-Own-Devices (BYOD) and IoT devices will create further headaches in the years ahead.

    With authentication remaining a huge challenge for IT teams, organizations must prioritize a healthy cybersecurity culture in their workforce, and provide continual and personalized training on maintaining high standards of cyber hygiene.

    Continually patched identity authentication practices and technologies such as smart cards, multi-factor authentication and biometrics can then fill the rest of the identity authentication and privileged access management gaps.
  5. Make cloud security YOUR responsibility, not the vendors’
    Securing the cloud is a whole different ball game as traditional security does not work the same way in the Cloud: there is no perimeter to protect, manual processes cannot occur with the necessary scale or speed; and the lack of centralization makes visibility extremely difficult to achieve.

    In addition, the API-driven approach that makes cloud-first environments so flexible and configurable, can also be a drawback that makes it easy to program-in misconfigurations that open the environment up to vulnerabilities.

    Cloud Security Posture Management (CSPM) tools should be used as a priority for monitoring and managing cloud infrastructure.
  6. “Privacy-officer-as-a-service”
    Essentially, any IT function can be transformed into a service, and this approach is widely adopted by organizations that want to cut costs and simplify IT deployments.

    For the smaller businesses that may not have the resources to officially appoint privacy officers, they can subscribe to ‘Privacy-officer-as-a-service (POaaS)’.

    Such services will enable more organizations to handle data privacy protection and management in various ways: checking, evaluating and documenting of data management processes; ensuring compliance audits in managing third-party data; training employees in compliance and awareness, as well as managing communications with regulatory authorities and stakeholders in related matters.