It is a reminder for organisations to prioritise risk management and mitigation, particularly during high-impact, low-probability events.
In the rush to react and to enable the shift to remote working, how many organisations have gone through a formal risk assessment process? Have they implemented and monitored Governance, Risk, and Compliance policies and frameworks? And even if organisations have these foundation-based elements, how do you adapt to shifts in operating model and working patterns with the exponential growth in Cyber Crime?
The challenges associated with Cyber Crime were a concern for many organisations even before the pandemic hit and are more important than ever to consider and keep on top of now:
Cyber Crime is growing, and its impact is more expensive to businesses
With Cyber Crime continuing a well-documented trend of increasing year on year, the average cost of a breach is also on the increase. It is no longer a case of if you will get breached, but when. Governments and various regulatory bodies have, to some extent, provided frameworks and best practice guidance to help curb this growth, but are organisations proactive in mitigating this risk or simply ticking the boxes to be compliant?
Implications of digital transformation
Cloud is a key enabler of digital transformation and leverages offerings that move key business assets outside of the traditional network perimeter. Whilst Digital Transformation has countless benefits for businesses, we must remain conscious of the cyber risks associated with cloud adoption: a wider attack surface via numerous devices and increased mobility. IT project teams must now consider Cyber Security implications as a fundamental part of business transformation. They must think long-term too; IoT devices, AI, Autonomy, and 5G will further increase an organisation’s attack surface.
One point solution isn’t enough
So, how many Cyber Security Products are enough? The Cyber Security technology industry is unlike any other, with thousands of point solution providers for organisations to choose from. However, no single product can solve the variety of Cyber Security challenges businesses face. The question is, how do organisations implement an appropriate defence that’s fit for purpose? What products are best suited to mitigate the risks your organisation is exposed to? A balance of solutions that not only block but also detect could be the answer, but you must also take budget and resources into account when developing security plans.
Cybersecurity expertise is expensive and hard to find
Even if your CFO has signed off on yet another point solution, finding the skill sets required to correctly implement, understand, and act on all the data or alarms coming from your point technology is an increasing issue for a lot of organisations. Technology recruiters will tell you that Cyber Security expertise is highly sought after and hard to come by in today’s competitive market. This means most organisations don’t have access to this much-needed resource but still need to defend against a growing problem with static staffing and limited skill sets.
Expectations from Key Stakeholders
Business leaders and owners are becoming more and more concerned with the potential impact of a cyber breach on the business. The possibility of personal liability, regulatory fines, and the need for appropriate accountable protection has never been higher. The board must drive good cybersecurity practice from the top down and they can’t and won’t continue to bury their proverbial heads in the sand.
It is important to see Cyber Security as a continuous operation, not as an implement-and-forget project. Firstly, you should make sure you understand your attack surface, i.e. the avenues criminals use to target your business. This needs to consider external and internal threats. Secondly, you must define your goal. Typically, it will be a realistic expectation set by business leaders and shaped by a good GRC (Governance, Risk, Compliance) strategy factoring in any regulatory requirements.
Be sure to take your time and find the right security partner for you. Even the largest and well-funded security practices work with external parties to build and evolve their capability. Organisations like Maintel can provide Cyber Security expertise, discovery and assessment services. A good partner will understand your goal and will work with you to incrementally improve your operation.
It’s always important to take a step back and consider how we’re coping with change, especially when change is difficult and unexpected. It is often said that change is an opportunity, and COVID-19 has created an opportunity for organisations to review their approach to Cyber Security.