Prioritising Cyber Security and Building Operational Resilience: A Critical Business Decision
Many experts agree cyber security is the central challenge of the digital age and should be a top priority for executive management in order to ensure operational resilience and business continuity. Take a look at some of the critical measures experts recommend business leaders take in order to effectively manage a cyber attack and minimise damage.
Satya Nadella, CEO of Microsoft, believes that cyber security is the central challenge of the digital age. According to the University of Maryland, hackers execute a cyber attack on computers and internet-connected devices every 39 seconds, which is incredible when you consider most of us would struggle to even structure a Tweet in such a short period of time. With the exponential growth of cyber attacks occurring around the world, Gartner Inc. reported that worldwide spending on information security products and services exceeded $114 billion in 2018, a sharp increase of 12.4 percent from 2017, and is now expected to reach $123.8 billion by the end of 2020.
Covid-19 has driven the need for many organisations to allow large parts of their employee base to work from home or remotely. This significant impact on IT infrastructure has had a knock-on effect on cyber security, raising the question of how to reduce the attack vectors created by this shift in network topology. As a result, IT and cyber security budgets have been urgently reprioritised (and in some cases increased) to reduce risk exposure in this area.
Identify the Priorities of Your Organisation
While a high level of preparedness does not guarantee cyber security, there are credible steps that businesses can take to minimise their vulnerability to cyber attacks and respond effectively to a crisis.
There are many frameworks that information security and risk managers can follow to help identify their priorities. One of the leading standards is the National Institute of Standards and Technology (NIST) cyber security framework, which aims to identify, protect, detect, respond and recover.
Moving forward, business leaders can allocate their resources based on their identified priorities and their budget. This is true for any organisation, no matter what its size. Larger businesses are generally assumed to have more resources to invest towards cyber readiness, but this does not necessarily mean they are better prepared. It is inevitable that larger organisations have to spend more budget in this area as they tend to suffer a higher average impact cost from cyber attacks. In other words, a larger organisation has to allocate more resources to protect its higher asset base.
Nonetheless, smaller businesses should also be prepared in case they are targeted by cyber attacks. Hiscox recently reported in their Cyber Readiness Report 2020 that smaller firms can easily work towards better cyber readiness by following these three actions:
- Actively engage employees in cyber awareness training.
- Proactively deploy antivirus or anti-malware systems with regular updates.
- Strictly make business decisions on the company’s cyber security tolerances.
What can the experts teach us?
Attackers’ ransomware techniques are constantly evolving to cause the most damage to the organisation. To protect the organisation’s assets, it is critical that business leaders implement strong and reliable detection capabilities to stop attacks as soon as possible and minimise their damage.
Do the basics well and build organisational resilience.
Starting from the basics, business leaders have to identify the devices that are being used for daily operations in order to implement the necessary anti-malware features, with regular updates and data backup.
Build organisational resilience by enforcing regular security evaluation, additional security and crisis management with experts.
Follow a framework.
Information security and risk managers should always follow a framework to guide their direction in risk management, as it provides a useful checklist.
Involve your organisation.
According to Hiscox, 9 out of 10 experts agree that cyber security is a top priority for executive management. Regular training for the management team and your employees ensures that the organisation is aware of its risk appetite. This will reinforce the team’s ability to make business decisions strictly on the company’s cyber security tolerances.