Cybersecurity is business survival and CISOs need to act now


Cybersecurity is an unending challenge for businesses. Just as they catch up, the bad guys innovate their techniques to continuously stay one step ahead. It’s an issue that will persist, meaning cyber risk has become a business risk.

Organizations know that anything that threatens their IT threatens their company. It's a pattern we continue to see – businesses getting breached and reputational and/or financial damage following. As such, cybersecurity is now a board issue and a permanent topic of conversation within corporate leadership teams. Yet, organizations need to take bigger steps towards making their cybersecurity posture as strong as possible – their business depends on it.

Alain Sanchez

EMEA CISO at Fortinet.

Assessing cyber risk

Businesses understand the ramifications a cyberattack can have on the whole company, with research finding that nearly one third (31%) experienced six or more attacks between June 2023-4, compared to the same period the year before.

The impact of an attack is vast, and its repercussions affect the entire company. As such, one of the most crucial tasks of a CISO is to rank cyber risks in order of impact. This requires an equal understanding of the business and its technology stack, and it isn’t an easy task.

Part of this assessment requires understanding the priorities inside the organization's value chain and securing them accordingly. The second part of the challenge is to then look beyond the business itself and understand what outside forces may impact it. Among these external forces, we find the compliance framework – laws and regulations necessary to protect human beings, intellectual property as well as innovation.

The duality that regulation brings, though, is a challenge. While necessary for protection, regulations cap and stifle IT teams, who need to integrate legal considerations into their defenses. The more that is known about cyber risks and regulation, however, the better. Knowledge is the feather in an IT team’s cap, and IT teams and boards should work together to apply lessons from other parts of the business and other regulations within their security practices.

Mitigating technical risk

Defense strategies are a must when it comes to cybersecurity resilience. Assessing the right combination of products, services, staffing and processes is crucial. Less is more in this matter. This is especially the case as, after years of technological accumulation, CISOs are realizing the hard way that a mass of products and vendors is not efficient. The next era of security will happen via convergence, not addition.

Getting your board on side

CISOs have a tough job, but core to their success, alongside the steps we have already discussed, is ensuring their board truly understands cyber risk and gives them the support necessary to fight it. This can be done not only through education but, vitally, through offering options. When faced with a cybersecurity challenge, CISOs must provide information and an array of solutions on which their board has the final say. It’s part of the CISO’s job to offer scenarios as a series of documented steps, making a first suggestion, followed by a second and third suggestion. This ensures the CISO becomes an empowered execution leveler and gets a consensual decision on how to move ahead, rather than being pinpointed and blamed if something goes wrong.

Alongside this, it’s vital for CISOs and CEOs to be aligned, with the CISO reporting directly to the CEO. The consequence of this not happening is unclear or diluted support. With the survival of the company at stake during a cyberattack, cybersecurity must be built into an organization's strategy and CISOs must have direct access to the top decision maker.

Final thoughts

Cybersecurity is not about avoidance but is instead an approach which embraces the fact that it’s only a matter of time before a business is attacked. Prioritizing cyber risk management and recovery is core, and organizations need to do this through better connected and secured systems.

Whether your solutions are legacy, old-school, best-of-breed or brand new, the number of technologies, vendors, processes and digital transformations requires simplification in the race to security.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
