By Mark Marron, CEO and President, ePlus, Inc.
Organizations are increasingly advancing their digital transformation efforts to deliver internal efficiencies, reduce costs, and improve customer experiences.
As a side-effect of doing this, many have become more reliant on third-party solutions like cloud providers, IoT, process automation, robotics, AI-powered cybersecurity threat detection tools, and more. With every new technology or new vendor that you introduce into your business, you also introduce enhanced risk as your attack surface grows.
Cyber criminals are like chameleons, always changing their skin to elude detection. The rise of generative artificial intelligence (AI) is a welcome addition to their toolkits, offering them new attack vectors to exploit, and even new ways to launch their attacks. For companies of all sizes, the need to double down on cybersecurity has never been greater.
A recent Gartner study forecasts that global IT spending will exceed $4.6 trillion in 2023. Yet, the same survey notes that IT security is projected to make up less than 6% of IT budgets.
Investing in a robust, well-orchestrated and coordinated cybersecurity plan is a competitive advantage that can provide valuable returns to your business. Keeping your organization, its people and its data safe is top of mind for every CEO.
These are a few of the ways I think about securing the business that protect you but also provide you with a competitive advantage.
Improve Vendor Risk Management
The introduction of AI-powered automation technologies, interconnected systems, and a growing hybrid workforce have all helped to maintain and improve productivity, but they have also created new vulnerabilities and increased the potential attack surface for cyber threats. As companies increase their dependence on third-party products and services, they must have a strong vendor risk management program and/or a strategic partner that can expertly assess and manage the potential benefits and risks. Key components of an effective vendor risk management program include:
- Having an accurate inventory and onboarding of third-party suppliers. Know who you are using and exactly what vendors and technology are at work across your organization. This includes the identification of key contacts, websites, and support portals.
- Running table-top exercises with real-life scenarios to test your procedures and ensure you have a timely and appropriate response.
- Looking at methods of automation and integration with other key systems to ensure that third-party risk data is updated, accurate, and shared as appropriate.
Train Your Workforce to Be Your First Line of Defense
One of the main security challenges that AI poses for companies is its effectiveness at creating far more sophisticated and intricate versions of common cyber threats – including email phishing, malware, ransomware, or social engineering. While malicious attacks may come from disgruntled current/former employees or partners, many incidents occur because well-meaning employees are not well trained on the best cybersecurity practices. As a result, they are more likely to fall victim to these common cybersecurity threats.
An April 2023 survey conducted by Darktrace, Generative AI: Impact on Email Cyber Attacks, highlights the challenges employees and companies are facing from increased cyber threats.
More than 30% of the 6,700 employees polled from companies in the UK, United States, France, Germany, Australia, and the Netherlands admitted that they have previously fallen victim to a fraudulent email, and more than 70% said they noticed an increase in scam emails and texts over the previous six months.
Furthermore, the study noted that there was a 135% increase in novel social engineering attack emails in the first two months of 2023, figures that coincide with the rise in adoption of popular generative AI tools.
Companies need to prioritize cybersecurity training for employees at all levels. Training must be consistent and frequent, so employees are familiar with the latest threats that they may encounter and the protocols that they must follow when they identify and report potential threats.
Ensure Compliance with Increasingly Stringent Data Privacy Regulations
There is now more than 25 years of data circulating on the internet. Think about the first time you used the internet to sign up for a social media account, an email address, a subscription, joined a club, or made a purchase online; that information is still living somewhere. Now, imagine all the times you have done these activities since then. That is a lot of personal data floating around, potentially available to be shared with companies and bad actors alike in an increasingly digitally connected global landscape. Not surprisingly, data privacy regulations and protections are on a rapid rise, driven by concerns over data breaches and privacy.
For companies, non-compliance can be costly and have a substantial impact on your brand’s reputation. In the last few weeks alone, several high-profile industry-leading organizations suffered multi-million-dollar data breaches or received heavy fines for privacy violations. Industries like finance and healthcare are imposing stricter regulations and compliance standards related to data privacy and security.
Also, many countries and multiple US states are implementing stricter data privacy regulations. The most well-known regulations in place today include: the very comprehensive European Union (EU) General Data Protection Regulation (GDPR), which came into effect in 2018; the California Consumer Privacy Act, enacted in Jan. 2020; and the Brazilian General Data Protection Law, enacted in September 2020. Other countries like Australia, Japan, and India are in the process of updating their own data protection regulations.
Invest in Cybersecurity as a Competitive Advantage
Demonstrating and supporting a strong cybersecurity posture will differentiate an organization from its competitors, attract new opportunities, and build a reputation as a trusted and reliable entity in the market. Simply put, as companies advance their digital transformation efforts, cybersecurity needs to be an even greater priority.
The increasingly complex nature of today’s cybersecurity threats, interconnected systems, shared infrastructure, and growing data protection and privacy laws all necessitate the involvement of multiple key stakeholders – including customers, partners, and employees. With constant diligence and prioritization around cybersecurity, you are empowering your organization to not only adapt, but evolve, in the face of new frontiers in data protection.
Mark Marron is the CEO and President of ePlus inc., a leading global IT solutions provider headquartered in Herndon, VA. A 30-year technology industry veteran, Mark was named CEO of ePlus in August 2016. During his tenure, he has overseen ePlus’ significant revenue growth and geographic expansion. Mark has been recognized with multiple Best Workplace honors – including Best CEOs for Women (according to female employees, 2020) and Best CEO (Large Companies, 2019 & 2020).
About the Author
Mark Marron is the CEO and President of ePlus, Inc. Mark can be reached online at LinkedIn and at our company website, www.eplus.com.