Are Enterprise Companies Taking Cybersecurity Seriously Enough?

Another day, another cybersecurity incident. Unfortunately, that seems to be the pattern. Kaseya, an IT solutions developer, was most recently the target of ransomware impacting hundreds of businesses. So, why are these breaches occurring? And what’s the solution? In the Cloud host Daniel Litwin welcomed Nuno Povoa, Senior Security Consultant for Eurofins Cyber Security US, to address these questions. Povoa has over a decade of experience developing strategic and technical insights to improve data and business resilience.

Povoa listed several issues that are hindering better data security. “The appetite to invest isn’t there. It’s a cost center, and we need to realign how we think about budgeting. There’s also the issue of attracting and retaining talent, which should include investing in the education for current staff.”

When it comes to breach prevention, many threat actors are using unsophisticated tactics like phishing. So shouldn’t an enterprise have better defenses? Povoa answered, “There is a gap in security awareness training because it’s just for compliance purposes. Then there are also legacy systems, which you can’t update and are complicated to protect.”

Even those with mature programs aren’t risk-free. Povoa proposed that companies share data and intelligence around cybersecurity to be a “win-win for the market.”

With complex infrastructures and ecosystems, multiple entities have access to data, and there’s often a weak link. “It’s hard to keep visibility across all data. We need to concentrate on what comes into the network. Always be proactive in security. We’re also now deploying behavioral machine learning-based analytics to detects users as a risk.”