A Letter From SecureLink’s CTO On The 2022 Ponemon Institute Report

July 18, 2022 // Joel Burleson-Davis

Last Updated: August 04, 2022

A letter from SecureLink Chief Technology Officer Joel Burleson-Davis

I wish I could introduce you to a report with better news. Organizations are facing an increase in cyberattacks, and the financial impact is enormous. The areas of vulnerability found in 2021 seem to only be growing in 2022, with more organizations reporting cyberattacks caused by third parties. Software companies are facing this problem. Hospitals are facing this problem. Banks are facing this problem. We’ve reached a point where no one can afford to ignore the increasing threat of cyberattacks.

The good news is that organizations that are smart about strengthening their cybersecurity infrastructure can succeed in reducing vulnerabilities and fending off attacks. A few organizations were able to improve their security posture in the last 12 months, but it still wasn’t enough to move the needle — and it’s not for a lack of trying. Organizations are spending more than ever, but are still experiencing cyberattacks. It begs the question of how these investments became so misplaced.

Given the year-over-year increase in cyberattacks, it’s striking that the majority of organizations continue to use manual controls to monitor third-party access when automated options are not only available but necessary. Organizations race to innovate within their competitive markets but forget that cyber risks are evolving just as quickly. The number of third-party attacks will only increase if organizations continue to rely on manual infrastructure. The same keen eye a company places on new developments within its industry needs to watch for emerging risks and do so with the most advanced tools.

Organizations’ reluctance to update their security infrastructure might be due to budget or personnel. A number of companies choose to build their own security system because they don’t know there are options out there that have already been built. Or they may look for a quick and immediate solution that won’t have lasting effects. They’ll become more and more vulnerable with each passing year that their security software remains the same.

When organizations finally recognize the need for automated tools, they still might not know where to start. The problem I often see is that the initial, fundamental questions aren’t being asked: What would a successful framework look like? What would it solve? Organizations don’t identify their own requirements before they begin poking around the internet looking for a software solution. They need a problem-first approach over a tool-first strategy. And before a company simply Googles it, they should recognize that there is value in talking to people and other trusted organizations as well. Companies may feel unique, but the problem of third-party security—or lack thereof—is ubiquitous.

Organizations need to prioritize critical access management to strengthen their cybersecurity infrastructure and protect their most important assets, which can only be done if there is an automated system that detects vulnerability and remains vigilant as new risks emerge. Developing automated infrastructure is a powerful form of insurance, especially when every company in the world needs to address cybersecurity.

The attacks won’t stop coming, and no one is immune. But every company can be proactive in preparing for the worst, so it can emerge at its best.

The full 2022 Ponemon Institute Report was released on Wednesday, July 20. 
