According to a recent McKinsey survey, 75% of experts consider cybersecurity to be a top priority. That’s true even of industries like banking and automotive, where there are enormous risks that have emerged in recent years.
Today, companies, government bodies and financial firms are all targets of cyber-attacks, and risk managers now consider cyber risk to be the biggest threat to their business. The danger is too large, and the current posture may not always be successful. Cyber risk may arrive in new ways as companies and industries embrace new technologies such as AI, ML and IoT to reap more profits.
New Approach by Organizations Spinning Their Wheels
Research says organizations across the world are taking a new approach. Companies are identifying and examining their biggest risks and the business assets that business continuity depends upon.
Research says even when a company is not a primary target, it’s at risk of collateral damage from untargeted malware and attacks on widely used software and critical infrastructure. And despite all the new defenses, companies still need about 99 days on average to detect a covert attack. Imagine the damage an undetected attacker could do in that time. This indicates that companies need to deal with more, and more intense, threats.
As business goes digital, the threat landscape expands, making companies more vulnerable to cyber-attack. Hackers are continuously honing their skills and increasing their attack base. Companies have cyber security strategies in place, such as firewalls and the latest threat detection software. But we cannot deny the presence of third-party suppliers.
There can be innumerable entry points for hackers and cybercriminals, which organizations cannot afford to overlook. These may range from Wi-Fi-enabled cameras to IoT devices installed in companies. As the IoT grows and more companies hook their production systems up to the Internet, operating technology (OT) is coming under threat as well.
By 2020, the IoT may comprise as many as 30 billion devices, many of them outside corporate control. Already, smart cars, smart homes, and smart apparel are prone to malware that can conscript them for distributed denial-of-service attacks. By 2020, 46% of all Internet connections will be machine-to-machine, without human operators, and research says this number will keep growing.
The New Posture Adopted by Companies
Organizations and executives need to become more adaptive and take a collaborative approach towards cyber risk. Researchers from McKinsey have observed the following principles used by some of the world’s leading cyber security teams at global companies.
- Cyberrisk needs to be treated as a risk management issue, not an IT problem. This means prioritizing relevant threats, determining the company’s risk appetite and defining initiatives to minimize risk. It also means bringing transparency and governance to real-time risk management.
- Companies must address cyberrisk in a business context such as vendor risk management.
- Companies must seek out and mitigate cyber risk on many levels, such as data, the people handling such critical data, applications, and threats arising at different levels. Automated tools help in listing assets and focusing on those that bring more risk.
- Companies must fine-tune business-continuity and crisis management structures and processes to meet changes in the threat level. Being adaptive is a must: processes, IT, OT, and products need to be reviewed and adjusted as cyber threats evolve.
- Cyberrisk calls for comprehensive collaboration within organizations, and addressing all parts of the business affected by cyberthreats is a definitive part of it. This includes suppliers, vendors and customers too. Although it might be difficult to protect a company against the most advanced attacks, systematic governance is the best insurance against the bulk of everyday attacks.
- The new approach also makes better use of cybersecurity resources and spends funds wisely while the company remains protected. Just refocusing investment on truly crucial assets can save up to 20% of cybersecurity cost.
- Other benefits include less disruption of operations, which cybersecurity initiatives often bring about.
Building Resilience, Step by Step
Successful cyberstrategies are built one step at a time, drawing on a comprehensive understanding of relevant business processes. Three key steps are to prioritize assets and risks, improve controls and processes, and establish effective governance.
Almost all companies are exposed to automated attacks and, indirectly, to industry-wide attacks. Beyond these unspecified threats, the relevance of other attack categories differs significantly, depending on the industry and the company’s size and structure.