Trends driving endpoint exposure Undoubtedly, the way companies conduct business has changed significantly in recent years. Business-enabling technologies and systems, such as collaboration tools, BYOD, and cloud services have been innovating at a breakneck pace. As a result, IT has needed to continually redefine its strategic focus to adapt. Amid this disruption, companies are experiencing the convergence of pivotal market trends that have made the endpoint the new perimeter, creating a business imperative to prioritize cyber resiliency. Expanding attack surface A key trend driving the need for cyber resiliency is the expanded corporate attack surface stemming from cloud adoption and device mobility. With the introduction of cloud computing, businesses quickly saw the value and opportunity to offload infrastructure investments and scale resources. IDC predicts that 67 percent of enterprise infrastructure and software will be for cloud-based offerings by 2020. However, cloud adoption and mobile-enabled employees have introduced distributed networks, which are more complex to secure, and consequently, cybercriminals have been given more avenues whereby they can dole out their attacks on companies. Consequently, the expanded corporate attack surface has created one of the greatest pressure points for companies to establish cyber resiliency. Increasing value of data The advancement of digital transformation and artificial intelligence, as well as the use of big data has led to the rise of insight-driven business—one where data empowers growth through market disruption, enabling productivity and opening new revenue streams. Across industries, companies have evolved so that the data they hold is, in fact, their flagship product. Indeed, 63 percent of senior decision makers report that big data is now a driver of revenue and is becoming as valuable to their businesses as their existing products and services.2 The value of corporate data hasn’t gone unnoticed by cyber criminals. With stolen personal information, they can earn US$1,000 per record on the black market,3 as well as commit social engineering scams and a variety of other illegal acts. Accessing that highly-sought-after data is the driving force behind cyberattacks on corporate networks, which relentlessly pursue employee endpoints to gain a foothold into the organization.4 With 70 percent of companies reporting that their data is very to critically important to the business operations,5 cyber resilience becomes essential for organizations to ensure that their data is safely protected and accessible at all times. Ever-evolving attacks Since the dawn of the first cyberattack, threat actors have continually advanced their tactics to evade detection and gain access to corporate endpoints. Originally, attacks on endpoints were launched merely as a pathway into the enterprise network for more valuable targets. In recent years, however, automated attacks like ransomware and laterally How to Become Cyber Resilient: A Digital Enterprise Guide 3 spreading exploits, such as SMB vulnerabilities have “democratized” the victim pool, making the endpoint itself, and the data on it, the prime target. And companies of every size are in the fray. Cybercriminals have created dark web marketplaces that provide an ecosystem for their peers to collaborate and build sophisticated attack packages at minimal expense. This, in turn, has made it viable for threat actors to broaden the scope of their targets and pursue businesses of all sizes. And just one successful attack can disrupt operations and occupy response teams for weeks to successfully restore the network. Complex and increasingly punitive compliance requirements Regulations have been a necessary component of the digital age to provide legislative guardrails that ensure companies are adopting adequate care to safeguard their customers’ sensitive data. Now, more than 100 countries around the globe have enacted comprehensive data protection legislation. Between far sweeping, international regulations such as the Global Data Privacy Regulation (GDPR), industry-specific compliance frameworks, and state-level legislation, most organizations across industries must comply with some level of regulation. And often, companies are impacted by multiple, differing regulations. The ever-changing regulatory environment has created an increasingly complex compliance labyrinth for organizations to navigate. Yet, noncompliance can lead to steep fines, as well as result in corporate operations that are unable to perform with agility and exactness when an incident occurs. Increasing costs of breaches and mitigations Successful breaches cost organizations significantly in lost revenue, customer turnover, and data loss. And it’s hard for companies to recover from interruptions to operations and reduced brand value. Think back to the 32GBs hackers published in July 2015, exposing personal details on Ashley Madison’s entire customer base when the company refused to pay a demanded Bitcoin ransom. As part of the fallout, users whose details were leaked won a class-action lawsuit against the company for US$11.2 million.6 The cost of breaches and mitigations are on the rise. According to Ponemon Institute, the average breach has skyrocketed to 24,615 records globally and costs US$3.8 million.7 If the costs of a breach don’t put a company out of business, often, it can take years for the organization to recover and return to their same level of financial performance. These converging trends have pushed the corporate endpoint forward as the new first line of defense against security breaches. In addition, they are creating greater urgency and importance on an organization’s readiness to deliver effective cyber resilience in the face of the inevitable attack. How to Become Cyber Resilient: A Digital Enterprise Guide 4