A Catastrophic Cyber Event in the Next Two Years. Are You Ready?
Published 06/23/2023
Originally published by Avanade.
Written by Rajiv Sagar.
Over the last few years, cybersecurity has become a board-level imperative. Geopolitical instability, ongoing military conflicts, and a widespread economic downturn have all increased cybersecurity threats, which need to be tackled rapidly.
These fears have been addressed in the Global Cybersecurity Outlook 2023 report released by the World Economic Forum (WEF), in collaboration with Accenture, at Davos. The report found that geopolitical instability is exacerbating the risk of catastrophic cyberattacks, with over 93% of cybersecurity experts and 86% of business leaders believing ‘a far-reaching, catastrophic cyber event is likely in the next two years’.
Tides are turning, but not fast enough
As the Cybersecurity Lead here at Avanade, here are some common things that I’ve seen be overlooked as a business develops its cybersecurity strategy:
- Cyber threats are now focused on ensuring maximum business disruption and reputational damage. Organisations have turned their focus on day-to-day defences, rather than long-term investment – an approach which needs to be reconsidered.
- The threat landscape is becoming increasingly volatile, with security pressures mounting due to the ongoing acceleration and speed of digital transformation journeys. However, many organizations are struggling to update their security requirements at the same pace.
- To counter growing cyber-risk, cyber awareness and cyber resilience are key in every aspect of business. This requires a change in mindset. Many organizations don’t consider security as a business enabler or know how to build a true security-focused culture.
For organisations trying to improve their cybersecurity posture, we have a number of recommendations they need to think about in the near-term. These include:
1. Partner to protect against new and emerging threats
Professional cybercriminal groups are creating a higher number of new attack methods, giving them an advantage as they can adapt more quickly than organisations can defend or recover.
As organisations try to counter this, they must remember that trusted global partnerships, with boundary-less sharing of threat intelligence and best practices, can enable more effective cyber-resilience.
2. Treat third-party providers as your own
The pandemic brought to the fore our dependence on the supply chain and our exposure to the shortcomings of third-party providers. In fact, 90% of respondents to the WEF survey were concerned about the cyber resilience of third parties. You might be doing everything in your power to protect your own users and data, but can your partners and providers say the same?
It’s essential to gain a full view into how your closest collaborators are handling the sensitive information made available to them. Assess your third-party relationships with the same scrutiny as you do internally.
3. Create urgency from the top down on instilling culture
Security is vital to a business’s long-term success, and so awareness campaigns across the enterprise and having the board engaged in ensuring accountability are no longer optional. The WEF report states that cybersecurity teams can provide valuable insights for embedding cyber-risk management throughout an organisation by educating employees on their personal responsibility for managing cyber risks.
A trusted provider should be able to help you with proactive ways to evolve human behaviour and instil a security culture.
4. Scale your capabilities and close the skills gap by working with trusted technology suppliers
One thing that surprised me about the state of security is just how slow many businesses are to adopt a Managed Security model. Being slow to do so limits insights, response speed and effectiveness.
Engaging a Managed Detection and Response provider as part of a Managed Security Solution will help detect and resolve cyber compromises faster and more effectively. These teams can work alongside you to provide more insight and efficacy and to increase your level of protection against new and emerging threats, so that you can focus on what counts most – growing the business.
5. Security and the business need to speak the same language
Leadership teams may now be listening to the concerns of cybersecurity leaders, but communications between business and security leaders must improve for a cybersecurity culture to be fully adopted. Part of this change will come when cybersecurity leaders articulate the value and impact of cyber-risk management in a language their business counterparts can understand – a common language based on metrics which matter to the business is a good start.