{"id":13951,"date":"2018-11-29T11:00:03","date_gmt":"2018-11-29T19:00:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/11\/29\/news-7718\/"},"modified":"2018-11-29T11:00:03","modified_gmt":"2018-11-29T19:00:03","slug":"news-7718","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/11\/29\/news-7718\/","title":{"rendered":"Scrutinizing your cybersecurity strategy through a digital risk lens"},"content":{"rendered":"

Credit to Author: Herv\u00e9 Coureil| Date: Thu, 29 Nov 2018 11:42:38 +0000<\/strong><\/p>\n

The Symantec 2018 Internet Security Threat Report[i]<\/a> mentions a 600% increase in overall IoT attacks in 2017. It\u2019s clear: cyber threats and incidents are a major operational risk every enterprise faces along their digital transformation journey. That\u2019s why we believe that implementing a cybersecurity strategy that is viewed through the lens of digital risk is imperative.<\/p>\n

McKinsey estimates there are 120 million new malware variants developing every year[ii]<\/a>, showing how cyber attacks become more and more relentless\u2026We must heighten end-to-end digital risk measures and operate with a cyber-resilient mindset at every step.<\/p>\n

For companies embarking on digital transformation, risk today goes well beyond a sole connected object, or database. It now spans the full extended digital enterprise<\/a>, including supply chain and partners. Managing digital risk therefore must be framed by a business-driven strategy, as \u201cOrganizations can no longer evade the truth that digital has become the need of the hour and the most effective enabler for creating a differential and unique competitive advantage\u201d (Deloitte) [iii]<\/a>. This strategy should be clear and communicated across the company, as<\/p>\n

“78% of Board decisions are are regularly influenced by risk data per Gartner.”[iv]<\/a><\/span><\/h3>\n

\"\"<\/a> <\/p>\n

4 ways to stay ahead of cyber risk<\/strong><\/span><\/h2>\n

Only 30% of CIOs, in conjunction with CISOs, take cross-organization steps to drive a business-led approach to digital risk. [iiv]<\/a>. We can do more. Start by re-framing cybersecurity as a business conversation instead of a technology one. Rethink cybersecurity as a continuous, always-on, proactive activity \u2014 not a task or a cog in a process.<\/p>\n

Within this context, here are 4 items that we believe are important while implementing an effective risk-based approach to cybersecurity:<\/p>\n

    \n
  1. Look at cyber from all perspectives. <\/span>Cyberattack scenario planning is often a good starting point, as it makes you think from the perspective of the attacker. Model threats and make cyber risk scenarios tangible from a bottom line standpoint (i.e., cost, reputation, business disruption, supply chain impact). This approach makes cyber a business conversation, not a technology one.<\/li>\n
  2. \u00a0A blast-all stance simply won\u2019t work with cyber.<\/span> Trying to do everything at once does nothing, except, that is, make prioritization impossible and the impact of each project or effortless than it should be. Instead, using concrete risks scenarios \u2014 as mentioned above \u2014 allows you to be efficient at prioritizing prevention, detection, response, and recovery plans. In this way, you can target funding to the best use.<\/li>\n
  3. Cybersecurity no longer is about just protection. <\/span>It demands a layered in-depth approach, from identification to recovery. Schneider Electric uses the NIST framework<\/a> to guide its end-to-end cyber strategy. Regarding digital security only as a matter of building thicker walls slows down everything and creates barriers. But if you think of cybersecurity as spanning everything, you can take a proactive approach and drive digital innovation as an inherent part of your security framework.<\/li>\n
  4. Strengthen your cyber posture by learning as much as possible about every and any incident.<\/span> And be sure to share debriefing information across your extended enterprise and digital ecosystem, including partners, customers, and authorities. Doing so allows you to correct processes, plans, and risk scenario modeling. The recovery phase is critical. It is during this phase of the NIST framework that your cyber muscles become stronger, making you faster to beat the next event.<\/li>\n<\/ol>\n

    Improve your cybersecurity resilience<\/strong><\/span><\/h2>\n

    In a digital world, no company can become a castle. Building a higher wall isn’t the answer.<\/p>\n