*By Isabel Silva
Two or three decades ago, the cybersecurity debate revolved around antivirus and firewall basics. Then, initially driven by the explosion of devices and Internet of Things (IoT) initiatives, cybersecurity demands expanded its territory. Today, with the practice of home office already consolidated with companies, should we still think about security perimeter?
When we talk about information security, we still have a rooted culture of “it has always been like this”. Therefore, robust and costly architecture initiatives based on the initial defense of the perimeter are still 'card 1' in corporate projects. And that's okay, because as companies expand their perimeter, the greater protection their business resources and data have. And this is the visible part of the iceberg. But we can't forget the part we don't see.
Cybercriminals have found that digital supply chain attacks can deliver a high return on investment. That is, as the number of vulnerabilities proliferates and spreads across networks, it is expected that more threats will emerge. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks in their software supply chains, a threefold increase from 2021.
Hackers constantly monitor bulletins, alerts and posts made by digital defense companies in search of newly revealed openings that could lead to intrusion avenues. That is, the longer the initiatives of the security areas to update their infrastructure, the greater the chances of a cybercrime. Every second counts and every edge must be covered. Perimeter, gadgets, home office computers, VPNs, etc.
So, in this rough sea, with complex navigation and full of unclear dangers, planning the necessary security technology to support a company is a great challenge. Just because you don't see hackers doesn't mean they aren't on your network. Organizations that have a culture based on “it has always been done this way” are increasingly vulnerable due to their lack of oversight. This resistance to change puts them in an unnecessary risk position.
There are accessible tools on the market that are able to automate the survey of the digital maturity of companies and carry out the targeting of solutions. Incisively and assertively, it is possible to identify the gaps in the infrastructure and indicate the possible alternatives to solve the bottlenecks. Assessing threats is impossible without comprehensive visibility, making it a very complicated task in today's times. The “it has always been like this” no longer makes sense because threats are constantly changing and everywhere. And it is precisely this mindset that is all that cybercriminals need to take advantage of companies. It is necessary to expand horizons and quantify vulnerabilities in a risk-centric perspective that provides a clearer picture of the real situation.
*Isabel Silva is a specialist in cybersecurity and partner at Add Value Security
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
