Building Cybersecurity Ecosystem

In general, customer information, financial information and strategic plans are the three most valuable kinds of information that organizations seek to protect from cyber-attack. This narrow view can, at best, be seen as a tactical move by the organization. It is important to have a holistic view of cyber security and its implementation. Progressive organizations consider cyber security an integral part of their strategy and business plans. It is also observed that a cyber-attack has a long-term impact on the performance of the organization, including an impact on stock market returns.
It is apt to say that cybersecurity needs to be in the DNA of the organization. It should be an integral part of the organization's business strategy. In recent times, awareness of and investment in cybersecurity have been increasing, but not in line with the rise in cyber-attacks. In the new business world, organizations are potentially connected with thousands of third parties; they are therefore also dependent on the security measures taken by those third parties. Cybersecurity awareness and investment are not just a function of the organization; they are a function of the ecosystem. While building the cyber security ecosystem, the focus should be on the entire ecosystem of the organization.
“Cyber breaches will have increased impacts on corporate stock prices, especially in the technology and cyber security sector. The rate at which we’re seeing attacks, and the breadth of the impact is alarming but as of yet haven’t had a large impact on stock prices. However, this will soon change as organizations complete their digital transformation and move to the cloud. Once this happens, a breach is going to have a larger impact on their revenue and as a result a detrimental effect on stock price. Another impact of companies moving operations and revenue to the cloud is we’re going to see more criminal and state organizations going after cybersecurity companies to infiltrate code in their distribution base or take them offline to get to the corporations themselves.” Stan Lowe, Global CISO, Zscaler
We understand that the executive management of almost all organizations has limited or no understanding of cyber security. Furthermore, most traditional businesses, viz. the retail, automotive, and transportation sectors, believe that their board or executive management does not have a comprehensive enough understanding of information security to fully evaluate the cyber risks the company is facing and the measures deployed to mitigate them. As of now, in most cases, the view of cyber security does not extend beyond web and email security. This strategic oversight of cybersecurity needs improvement, and organizations need an innovative cybersecurity strategy rather than a piecemeal and reactive response. The focus of the organization should be on putting cybersecurity at the heart of corporate strategy. The focus should be on the Right Resource, Right Technology, and Right Reporting.
Resource: Most organizations have increased their cybersecurity budget after experiencing a cyber security breach that impacted them. Businesses need to invest in technology, cyber security resources and employee training in order to prepare for the next-generation threat landscape. It is important to have the right set of resources in the cybersecurity team. We cannot afford to have careless employees in the system who invite threats to the organization. The challenge is that most organizations can't afford a specialized team for their cyber security management. For them, a cyber security lab is a greenfield project. It is always challenging to build up capabilities in-house quickly. In such a scenario, the cyber security team should instead look to build a relationship with an outside vendor that has these capabilities, and have that vendor available for when a breach occurs.
Technologies: Organizations are now convinced that looking after cyber risk and building in cybersecurity from the start are key to success in the digital era. The focus is also on how cybersecurity will support and enable enterprise growth. On the one hand, a small number of organizations name smartphones, Internet of Things, 5G and other new technology areas as high-risk areas. On the other hand, many organizations are thinking about how emerging technologies can help in optimizing cybersecurity. It is important to continue the focus on emerging technologies, as cyber criminals are also investing in artificial intelligence, machine learning, Internet of Things, 5G, and others. In such a complex environment, a cyber security expert should design a framework that covers adequate or formal programs for threat intelligence, vulnerability identification, breach detection, and incident response. These experts should progressively focus on better incident-response planning.
Reporting: Cybersecurity risks run much deeper than just the loss of data. Organizations face regulatory fines, competitive disadvantage, loss of intellectual property, reputation erosion, litigation fees, insurance premium increases, reduced customer satisfaction, and many other negative business outcomes. Reducing time-to-resolution is critical to a company's ability to mitigate the many negative results associated with security incidents. Organizations must recognize that breaches are inevitable and shift their focus to risk reduction. It is also important to be more open in reporting on security operations: the possible cyber-attack, what we have done, where the gaps are, and where we have breakdowns. Structured reporting helps boost understanding of the threats and encourages the organization to take appropriate action. Unfortunately, most organizations are not satisfied with their reporting on security operations or security breaches. As of now, only a few Indian organizations agree that their information security reporting currently fully meets their expectations.
Organizations have focused their budget and resources on technologies like firewalls, anti-virus, intrusion prevention (IPS), etc. In this ever-changing, technology-driven world, cyber security risks have become too complex to identify and manage. A primary challenge organizations face is the difficulty of quantifying risk and the disconnect that exists between how risk is perceived by the boardroom and by the security operations team.
