Is Cyber Security in the DNA of your Digital Strategy?
The Covid-19 pandemic has been a boon for cybercriminals.
Today, cybercrime is estimated to cost the world $6trn annually and is set to grow to $10.5trn in 2025, according to Cybersecurity Ventures. IBM reports that the average cost of a data breach stands at $3.86m (or $8.64m in the USA). Additionally, a recent FBI report has shown that 2020 was a record year for cybercrime in the US, costing the US in excess of $4.2 billion.
Against this cybercrime backdrop, and as the global economic recovery begins, the c-suite and those responsible for cybersecurity need to ensure security is embedded into the company culture and the DNA of their digital strategy.
Failure to address legacy and emerging vulnerabilities, or to embed security into your enterprise's digital strategy, will leave your organisation open to criminals and to the economic, reputational and legal damage that may bring.
So, what can be done? The cybercrime statistics often make for uncomfortable reading, but there are pragmatic and achievable actions the c-suite should consider taking. These actions include:
1. Board Level Accountability
Cyber security is a whole business issue, not just a responsibility of the IT department. Accountability and measurement should be held at a board level. If not already, your CISO (Chief Information Security Officer) should be attending the board. Make each part of the business accountable for doing their part in ensuring the cyber security integrity of their domain.
2. Embed cybersecurity into your Business & Digital Strategy
As your enterprise adapts to the new normal, cyber security should be built into your standard operating processes as a business.
3. Invest in Training
Training is needed both for the board and for all employees. According to Code42's Data Exposure Report, 69% of businesses admitted they had data leaks through employee or contractor malpractice. Often these leaks are the result of poor employee practices and low cyber awareness, rather than nefarious intentions. Therefore, invest in training for all employees on cyber hygiene basics.
As the cybercrime threat is continuously evolving, training should be ongoing and regular, rather than viewed as a one-time event.
4. Information System Access Control
Whilst this may be going into more detail than the c-suite need, being aware of the benefits of identity and access management will be beneficial. When done well, identity and access management ensures that only the right people, with the right need, have access to only the data they need to do their role effectively.
In some industry sectors, such as the financial sector, regulatory and reputational risk drives organisations to establish strong controls around access to data. As best practice, all enterprises should adopt strong policies and processes for Identity & Access Management.
5. Invest in your Cyber Experts
Invest in your technical experts and developers. Make sure that their training and skills remain at the forefront of the Cyber Security domain. This training should also include exercises such as attack simulations, where your experts can test and learn how they would respond to an attack.
6. Outsource
Where appropriate, outsource elements of your Cyber Security to specialist experts. For reasons of recruitment, scale, budgets, or knowledge gaps, it is not always easy or appropriate to do everything in-house. Therefore, selectively and consciously engage outsource partners who have the skills and knowledge to meet your needs.
Your outsource partner should have expert knowledge of your industry sector and of the regulatory requirements of the sector within which your enterprise operates.
At Tarralugo, we appreciate the importance of doing everything possible to protect the integrity and reputation of our clients and their businesses. That is why we always put Cyber Security at the heart of our clients' digital strategies.
To discuss your digital strategy, please feel free to contact us or drop us an e-mail.