Sophisticated cyber attacks call for more business resiliency
Cyber-attacks keep growing at a faster pace, causing huge losses to companies globally. Reportedly, FBI’s 2020 Internet Crime Report confirms that incidents of phishing, malware, extortion, non-payment, no-delivery scams, and other attacks increased by nearly 70% in 2020, resulting in a loss of $4.2 billion. But the cost of resolving cyberattacks is not the only challenge that we must overcome. Imagine the impact of these attacks to your business’ reputation and brand.
Recent data will show us that consumers can show little to no sympathy for companies that can’t keep their data safe. A PwC survey revealed that nearly 90% of costumers will refuse to enter deals with companies that were affected by data breaches. Therefore, businesses must have enhanced cybersecurity in place to avoid placing themselves at a risk of ultimately stopping their operations.
But the question is: how long will your cybersecurity system keep you safe?
The truth is, critical weaknesses remain even if cybersecurity practices are constantly and steadily evolving. Cybercriminals are becoming more sophisticated in their methods, tools, and techniques—making them more difficult to fend off. We, as business leaders, must always be in continuous surveillance across all our digital assets and see cybersecurity as more than just a weapon to combat cyber threats.
Instead, we must approach data privacy and cybersecurity as a strategic business imperative.
If we don’t, we’ll be settling for trade-offs that will negatively impact our business. For example, a complex cybersecurity program can hamper our operation’s speed and even cause budget strains. Mission-critical activities such as product launches might be delayed due to certification checks, which is also necessary. Employee productivity will be affected by extensive identity validation requirements. With these problems within the organization, customer experiences will most likely be affected as well.
In the end, these trade-offs in cybersecurity put your business at an even greater disadvantage.
No organization wants this to happen. We want our cybersecurity practices to work for us, rather than against us. To do so, we must take these proactive steps to protect and secure our most critical and sensitive data:
Step 1: Commit ourselves to continuous improvement.
After all, operational resilience is a journey. We must adapt a continually evolving cyber resilience model against next-generation threats. We can accomplish this by aiming an acceptable baseline for cyber resilience, implement it, and continually improve by applying adaptive, agile, and proven security models and processes.
Step 2: Manage any third-party risks.
If there is anything that the ongoing COVID-19 pandemic has taught us, it is that risks will always be there to impact our business operations. Therefore, risk-management practices should always be in place, especially for our third-party suppliers and systems. We must never be lenient—our management practices should encompass the entire value chain.
Step 3: Extend governance to our cloud services.
Secure and compliant cloud services also add value to our cybersecurity approach. To do so, we must set a practical cloud governance framework for our customers. It is important that we offer cloud governance solutions to our customers now, while it is still a rapidly developing area.
Step 4: Leverage automation models.
In terms of cyber resilience plans, we should also not skip on automation. Leverage process automation and cybersecurity bots to drive efficient systems in the event of ransomware attacks. With automation in place, we can efficiently design resilience plans even if cyber threats continue to loom the entire industry.
Step 5: Invest on machine learning to detect and defend infrastructures.
While cyber attackers are growing more aggressive, we have machine learning that continues to evolve rapidly as well. Machine learning can facilitate real-time remediation and control through automated policy enforcement, which is a key component of sound cybersecurity.
Indeed, advancements in technology continues for both businesses and cybercriminals. As one group gains a strong position, the other will find a way to advance and leap over its opponent. It is a never-ending race between our organizations and cyber attackers.
To maintain a winning position in this race, a progressive cyber resilience strategy is our best approach. We must commit ourselves in not only investing in cybersecurity defenses, but also meticulously test its efficacy over time. It’s the surest and safest way to ensure that our businesses remain progressive and resilient.
About the Writer
Bharat is a CyberSecurist domain enthusiast and an advisor in the domain of Cyber Risk Management, with specialisations on the Cyber Defense, Cyber Fraud and Cyber Resilience domains. Known for his strategic initiatives, assisting in building the Cyber Security Advisory services in the region for the last 20 years.
In his current role, he is the CEO for INSPIRA Cyber Security Business for the EMEA region, apart from leading the Global Cyber Security Advisory portfolio and evangelizes the INSPIRA investments in the marketplacee.
Known for his Risk, Compliance & Fraud Management, he has over 24 Years of leadership experience in Digital Cybersecurity, Risk Management, Compliance, Audit and Assurance. Strategic Advisory working with CxO’s from across vertical industries like Finance, Insurance, Pharmaceutical, Public Sector, Transport, Hi-Tech, Card Industry, Oil Industry, Audit & Compliance, working with the likes of likes of IBM, HSBC, Royal Bank of Scotland to name a few.
He is also the current President of the ISACA Orange County and has held many other roles in the professional bodies. He has been actively involved in ISACA Global, Association of Fraud Examiner, IIA, ISO, NIST involved in framing standards and controls.