Cyber Resilience Is More Than Defense: Ensuring Recovery & Business Continuity

Thomas Masicek, Ursula Litschka. Photos: T-Systems

We live in a time of only relative security, as recent cybersecurity studies show: even with the best cybersecurity measures, an attack can still be successful. Cyber resilience includes not just prevention and defense but also planning for recovery (system restoration) and business continuity management, ensuring the continuation of business operations. A halt in operations can cause significant economic damage and may even threaten the very existence of a business. Companies subject to NIS 2 and those in the supply chain, as well as all others, are well-advised to enhance their cybersecurity measures. We spoke with Thomas Masicek and Ursula Litschka of T-Systems to learn more.


Strengthening the Digital “Immune System”

A company’s digital immune system is like a healthy body’s immune system. A robust digital immune system ensures business resilience and is crucial for preparedness against crises and threats. This metaphor underscores the importance of a well-planned and current security strategy to make a company resilient to cyber events.

The Risk of Going It Alone

The question is no longer if, but when a cyberattack will occur and be successful. Many attacks are now coordinated rather than coming from lone hackers. In this era of organized threats, going it alone is not an option. Companies of all sizes should engage security consulting services to identify risks and develop robust cybersecurity solutions.

Security Strategy: Prevention, Resilience, Persistence, and Business Impact

A company’s security strategy should go beyond fending off cyberattacks. It must include prevention, resilience, and persistence. Resilience means rapid recovery: preparing to minimize impacts and quickly restore normal operations during emergencies is essential. Persistence involves regular security audits to immediately identify and address new risks. Core business values like reputation and trustworthiness can’t be insured; they must be earned daily. Rapid recovery after a security incident is crucial to maintaining the company’s reputation. Resilient companies are seen as more trustworthy by customers and partners. Additionally, cyber-resilient companies can confidently pursue digital transformation with a robust security structure. Let’s outline the elements of a comprehensive security strategy.

Reducing the Attack Surface

The acceptance of cloud services has skyrocketed in recent years. Despite advantages in scalability and availability, the cloud also presents risks. Approximately 93% of companies view cloud security as their primary cybersecurity concern. Increased connectivity, the rise of connected devices, and the spread of remote and hybrid work introduce vulnerabilities that need addressing. Third-party services also pose potential security risks. Security strategies can reduce the attack surface by segmenting networks. Historically, employees have often had more access rights than necessary. Reducing these rights to the essential minimum significantly decreases potential entry points for cyberattacks.

AI and Cybersecurity: The Future of Security

“The rapid spread and advancement of artificial intelligence (AI) have fundamentally changed society, the economy, and the security landscape. AI opens new possibilities for more effective cyber protection, from identifying potential security gaps to defending against sophisticated cyberattacks. Intelligent tools automate and improve complex security tasks, such as detecting anomalies, uncovering vulnerabilities, and prioritizing security updates,” says Thomas Masicek, Senior Vice President / Tribe Lead Cyber Security at T-Systems International. In the Security Operations Center (SOC), AI helps security analysts detect threats faster and respond to them. Integrating AI into security solutions also enhances the quality of security alerts and reduces false positives.

Data Protection Remains a Top Priority

The spread of generative AI brings both advantages and new challenges in cybersecurity. “Companies must ensure that no sensitive data leaks into public AI models and that internal data protection policies are followed,” says Ursula Litschka, Head of Go2Market – T-Systems Cyber Security Tribe. Thus, data protection remains a central part of cybersecurity training.

The Entire Workforce Becomes Part of the Cybersecurity Team

Security strategies must include comprehensive employee training, covering data protection and attack scenarios, especially social engineering. This includes injection attacks that exploit trust in emails from familiar contacts. These contacts may have been attacked themselves, making a compromised email account a potential ransomware trap.

Managed Detection & Response (MDR): Likely a Must for the Security Strategy

Pure endpoint security measures (EDR: Endpoint Detection and Response) are often insufficient against new threats. This is where Managed Detection and Response (MDR) becomes essential. While EDR offers advanced threat detection and response, it requires extensive manual analysis and is limited to endpoints. MDR provides comprehensive, around-the-clock monitoring and response to security incidents. By leveraging economies of scale, MDR providers deploy highly skilled security teams and advanced tools to detect and counter threats 24/7, even on weekends and holidays. Compared to pure EDR, MDR offers more proactive threat detection, thorough incident investigation, and better incident response. Staffing a SOC is personnel-intensive and uneconomical for most companies, which makes MDR a beneficial solution. MDR suits companies with limited resources or security expertise, allowing them to focus on core business activities. Tip: When choosing an MDR provider, ensure they also offer SOC services for a comprehensive security solution.

Back When “Secure” Used to Mean “Slow”

While the cybersecurity landscape has dramatically changed, increasing security doesn’t have to compromise usability or speed. Today, hybrid work, cloud usage, user-friendliness, and strong cybersecurity measures can coexist without constant trade-offs. Zero Trust security, Security Service Edge (SSE), and Secure Access Service Edge (SASE) are crucial elements of modern cybersecurity. Zero Trust grants access to business applications based on individual rights, devices, applications, and context, without standard or permanent access. These solutions enhance user experience and are already used by 45% of companies in the EMEA region. Companies needing more than Zero Trust can consider SSE, which builds on Zero Trust by adding better policy control for cloud and web-based applications. SSE is part of the SASE framework, integrating network and security functions into a coordinated service, including network functions like WAN optimization and bandwidth aggregation.

Rethinking Security: An Asset, Not a Necessary Evil

Investing in security not only protects against potentially catastrophic economic and reputational damage but also serves as an active asset of trustworthiness, responsibility, and reliability. It forms the backbone of digital transformation on a secure foundation.
