The cyber threat to companies is large and diverse, also because more and more attacks come from government-affiliated hackers and criminal actors. That shows Research from Cloudflare, the global connectivity cloud provider and the Cyber ​​Security Assessment Netherlands 2024. This puts both entire supply chains and a lot of cloud data at risk. Despite increasing attacks and average losses of around 940,000 euros in a successful attack, companies are still inadequately prepared. Fortunately, cyber resilience can be increased in five steps.

The digital risks are great, but few companies are sufficiently prepared for them. This picture emerges from the results of the Cloudflare study mentioned above. While the number of cyberattacks on Dutch organizations is increasing, the implementation of zero trust security architectures still falls short of expectations. The same goes for establishing a holistic culture and approach to improving safety. The financial impact of successful attacks is enormous, an average of 940,000 euros. The research shows that supply chains and cloud data are the most popular targets for hackers and also the most vulnerable.

The Cloudflare study “Protecting the Future: The Cyber ​​​​Threat Landscape in Europe” shows that 42% of CISOs surveyed in the Netherlands experienced at least one cyberattack in the past year. The most common types were phishing, website attacks (DDoS) and email attacks. Yet only 28% of CISOs say their organization is well prepared for future cyberattacks. While heavily targeted sectors such as media and telecommunications companies and retail are taking a more cautious approach, organizations that have so far been relatively spared, such as healthcare and energy, are significantly less prepared.

Take risks seriously

Delayed growth plans and layoffs, coupled with financial losses, are catastrophic consequences of a lack of risk preparation that companies of all sizes must take seriously. When it comes to budget allocation, management seems to have already understood what is at stake. More than half of those surveyed expect the budget allocated to cybersecurity to increase in the coming year. However, the most commonly used solutions still resemble a mix of measures that keep the complexity of IT environments high. In addition, many managers appear to be unaware of what a zero trust architecture entails, according to 87% of respondents. Zero Trust can help companies create a better user experience and more cloud-native options.

Vulnerabilities in the supply chain

Supply chain attacks target vulnerabilities in a company’s supply chain by leveraging third-party tools or services. These indirect attacks target dependencies that organizations often unknowingly rely on. One example is the SolarWinds hack in 2020, where cybercriminals added malware to a software update downloaded by thousands of customers. Such attacks often occur in two phases: First, the hackers gain access to the system of an external provider, which they then use to attack the intended target.

To protect themselves effectively, organizations can offer risk assessments for partners, but also adopt a zero trust approach, malware prevention and browser isolation, or install tools to detect and regularly patch shadow IT. Despite all these measures, it remains difficult for organizations to fully protect themselves against supply chain attacks. The large number of third-party dependencies in modern IT environments make complete protection nearly impossible. Therefore, a holistic approach to security is required that includes both preventive measures and the ability to respond quickly in an emergency.

Five steps to greater cyber resilience

Given the shortage of skilled workers, tight IT security budgets and the dynamic cyber threat landscape, organizations need a comprehensive security concept that takes the following key points and steps into account:

Step 1: Reduce security architecture complexity

Organizations must move away from complex, fragmented systems. Instead, a holistic “everywhere security” approach is recommended. It provides employees with secure access to web and multi-cloud platforms while ensuring effective protection against advanced cyber attacks. This also secures sensitive data and optimizes operational processes. The result is a comprehensive yet simple security solution for the entire company.

Organizations must move away from complex, fragmented systems.

Christian Reilly, Field CTO EMEA Cloudflare

Step 2: Take precautions

Lack of preparation inevitably leads to failure, especially in the area of ​​cybersecurity. Shockingly, less than a third of companies in Europe believe they are adequately protected. Therefore, there is an urgent need for more investment in integrated solutions that enable organizations to respond effectively to the ever-changing threat landscape. The zero trust model offers a promising approach to this. However, only about ten percent of decision makers fully understand the currently available solutions. Therefore, optimizing cybersecurity is a lengthy and expensive process that requires both a lot of time and resources.

Step 3: Create a robust security architecture

A robust security culture provides a strong foundation of knowledge and risk awareness that acts as the first protective barrier to detect and stop attacks more quickly. It also gives CISOs a case for investing in preventative measures, even before successful attacks have drastic consequences. When cybersecurity awareness is embedded throughout the organization, management is also more likely to recognize its critical importance. This makes it more likely that a holistic approach will be taken that promotes consistent application of cybersecurity policies by employees, suppliers and customers. This creates a comprehensive security net that protects the company from potential financial losses and increases resilience to cyber threats.

Step 4: Efficient cybersecurity thanks to SASE

By improving the security architecture, the preparation phase can be significantly shortened. SASE (Secure Access Service Edge) plays a key role here: This concept simplifies cybersecurity while increasing its effectiveness. SASE also offers companies a solution to meet the challenges of the acute shortage of skilled workers in the IT security market. By consolidating security functions on a single platform, SASE enables more efficient use of available resources and reduces the need for specialized personnel without compromising security.

Step 5: Modernize regulatory compliance

The use of fragmented, outdated security systems and manual processes makes compliance with changing laws increasingly complex. An efficient compliance approach is therefore essential for CISOs and CIOs. This should include flexible security controls for different areas. For example, controlling access to business-critical and SaaS applications, monitoring HTTP traffic to protect sensitive data, and securing the client-side and browser from supply chain attacks. But also the integration of firewall, HTTP and event logging with preference settings in SIEM or cloud solutions. A modular approach enables companies to meet current and future regulatory requirements, reduce costs, improve application performance and optimize the user experience. This holistic strategy simplifies the compliance landscape and gives companies more flexibility to anticipate regulatory changes.

Diploma

The cybersecurity situation in the Netherlands is alarming, as many organizations are inadequately prepared despite the increasing number of attacks. Reducing risk and impact requires a cybersecurity approach that includes both preventive measures and rapid response capabilities. Companies would do well to reduce the complexity of their security architecture and implement concepts such as Zero Trust and SASE. Finally, increased cybersecurity awareness across the organization is critical to increase resilience to future threats.

This is a post from Christian Reilly, Field CTO EMEA at Cloudflare. Click here to learn more about the company’s solutions.