Robyn Westervelt, a research director within the Security & Trust group at IDC, recently worked with a major consumer products manufacturer whose production facility was hit with a devastating ransomware attack.

Before the attack, the company had done virtually nothing to protect its IT environment. Law enforcement officials told the company there was very little chance of getting access to its corporate data, even if the organization paid the ransom. The company was forced to go to unreliable tape backups, and even began calling retired employees to confirm the formulas for some of its flagship products.

“They had to shut down production, the incident cost them millions, and they actually lost intellectual property,” Westervelt says. “They hired a chief information security officer and put in security measures after the fact.”

Like many such incidents, this attack was never made public. But Westervelt says it was an “eye opener” for her to see just how much even large, well-known companies continue to struggle with the fundamentals of cybersecurity.

While cybersecurity has long been a crucial component of IT, rapid data proliferation is making it an even more pressing challenge — with the rise of 5G networking poised to further exacerbate the issue. According to the 2019 Cost of a Data Breach Report from the Ponemon Institute, the average data breach exposes more than 25,000 records and costs nearly $4 million. In addition to losing access to their data or experiencing system downtime, breached organizations risk regulatory fines and hits to their public reputations.

To protect their data, organizations must shore up their cybersecurity fundamentals, invest in modern solutions and continually assess and test their environments to make sure they will stand up to a potentially constant barrage of attacks being leveled by increasingly sophisticated hackers.

John DeLozier, a technical director at FireEye, warns that even well-known threats are constantly evolving and becoming more advanced. “We used to look at ransomware as a sort of commodity nuisance,” DeLozier says. “It was what you got for not brushing your teeth: You need good hygiene, and that’ll fix the problems.”

DeLozier says cybercriminals are now establishing footholds and selling access to “downstream” hackers — creating a barrage of new attacks. “It is still preventable, and it can be detected and shut down pretty quickly,” he says. “But it is much more significant and generating a lot of money for these threat actors.”

DeLozier also points to an uptick in the activity of state-sponsored cyberthreats. And while malware dwell times are lowering, they’re still far too high, he says. “Yes, 50 days is better than 60,” he says. “But when you’re talking about 50 days, the damage is usually done at that point.”

DeLozier notes that organizations can protect their environments with solutions such as next-generation firewalls, email and cloud security tools, data loss protection solutions, identity and access management, and cloud access security brokers. But, he says, it’s also important for organizations to carefully think through what they are protecting and why, and to place the greatest protection around their most valuable and sensitive assets. “First, I would really want the organization to know what’s valuable to them and why,” he says. “I always try to suggest, don’t spend more to protect something than it’s worth.”

Rick McElroy, cybersecurity strategist for VMWare Carbon Black, reports that practices such as backup and restoration are critical to supporting resilience. Many organizations, he says, are struggling to manage increasingly complex cybersecurity environments, and cybersecurity leaders are looking to vendors for more streamlined and consolidated tools.

“I think defenders feel that they have better tools than ever,” McElroy says. “But the complexity for defenders has gone up massively. That’s not tenable. The average team managing 20 to 50 controls isn’t sustainable. Teams are starting to go with the smallest number of technologies to drive the security outcomes that they want to achieve.”

FireEye recently acquired Verodin, which makes a platform that helps organizations to validate the effectiveness of their cybersecurity efforts. This sort of ongoing assessment and validation is critical for ensuring that tools are working as expected, DeLozier notes. “Often, the product would perform as advertised if configured correctly, and problems are often honestly just a configuration issue,” he says. “Organizations are making these investments, they feel like they’ve bought everything under the sun, and yet they may not have solved any of their real problems.”

Similarly, McElroy says, many of VMware Carbon Black’s customers are increasingly relying on the company’s cloud platform, which combines prevention, detection, response and assessment in a single tool. “Our threat hunt team will go through their data sets and bubble up malicious things to customers, because we have one data platform to work off of now,” he says. “It’s going back to simplifying security.”

Still, McElroy says, even with more advanced detection and validation tools, humans are needed to conduct periodic penetration testing and vulnerability assessments. “In the next five to 10 years, that will flip a little bit,” he says. “But today, if I’m running a cybersecurity program, I do bring in a continuous assessment tool, but also bring in a red team once a year to check all that work, if you will.”

DeLozier agrees. “The red teams are still super important,” he says. “But emerging tools allow you to conduct assessments on a continual basis. I see them as incredibly complementary.”