How businesses protect themselves from cyberattacks

Accelerated digitalization is forcing us to rethink approaches to cybersecurity. How exactly?

The number of cybercrimes in Ukraine has doubled in the last five years. The transition to remote formats of work and the trend of digitalization create the conditions for an increase in the number of such crimes, and cyber risk management has become a tool for business survival.

And while many Ukrainian companies make some efforts to protect their data and systems, they are often unprepared for cyberattacks.

In some cases, the cybersecurity strategy is to purchase a large amount of software and hardware. But without a comprehensive approach, these tools become virtually useless, create a false sense of security, and thus only increase the likelihood that a hacker attack will go unnoticed.

Imaginary security. Typical business mistakes

1. The cybersecurity function is not represented at the top management level

In many companies, either the IT director or the head of economic security is responsible for this area. They may be good professionals, but they lack the strategic vision and knowledge to give management an understanding of the business implications of compromising certain systems.

Consequently, they cannot justify the necessary cybersecurity decisions or effectively defend the relevant plans before the company’s board.

2. Lack of integration of the cybersecurity function with other services

First of all, with IT and the internal audit service. In this case, the department responsible for cybersecurity must report threats, but because the overall management system is fragmented, it cannot effectively protect the business.

3. Insufficient number of competent staff

In most companies, the cybersecurity function is staffed by two or three employees, and sometimes by one person.

This is not enough to perform all the functions, especially if it is a large company or bank.

Risk shield. How to create it?

A company’s main task in cybersecurity is not so much dealing with threats that have already been identified as being ready for such incidents in principle.

In this case, even after falling victim to a cyber attack, businesses will be able to maintain their reputation, customers and their position in the market.

For example, one of the largest hotel network operators, Marriott International, faced a series of thefts of customer data, passports and credit cards in 2014-2020. But thanks to the proper response of those responsible, customers continued to stay in these hotels even despite this risk.

We call the ability to effectively repel cyber threats cyber resilience. It covers 4 stages: prevention (for example, complex passwords, two-factor authentication, etc.); preparation (availability of a clear plan for overcoming the crisis and minimizing risks); response (reaction, implementation of the action plan for the incident); and recovery (return of the enterprise).

In the Ukrainian reality, an adaptive model of cybersecurity must also be added to these stages: not a static action plan, but one that is constantly updated in line with new risks and threats, which need to be monitored.

To test your business’s readiness for possible cyber threats, try answering a few simple questions:

Do we recognize a persistent security deficit?

Today, it is virtually impossible to provide 100% protection against cyber threats. In the corporate world, security is always a fine balance between maintaining a high level of protection and the need to accommodate a number of units that may resist certain procedures.

Is the cybersecurity strategy aligned with our business goals?

How much do we trust our digital authentication?

A balance between security and user-friendliness helps maintain trust and retain customers. Today, companies are increasingly using so-called “fusion” centers or a modern version of information security centers.

They are based on the analysis and processing of huge arrays of data both to prevent incidents and to respond quickly to them, while reducing unproductive costs.

To what extent does our team monitor changes in the security sector in our industry?

You need to constantly research existing technologies and make changes to your cybersecurity plan.

How do we test our cybersecurity?

In other words, do we run simulation exercises to test our line of defense and determine whether there are risks of non-compliance with regulatory requirements?

How actively are we implementing automation and cloud technologies?

The better all processes are structured, the lower the risk of falling victim to cybercrime.

Previously, the main task of security services was to protect the production cycle as the basis of business. Now the task is to be ready for anything.

This is a more holistic and service-oriented approach, which should focus on the main “pillar” of the business – ensuring the continuity of services.

Ultimately, this is the transition from focusing on individual processes to managing the sustainability of the entire enterprise.

by Abdullah Sam
I’m a teacher, researcher and writer. I write about study subjects to improve the learning of college and university students. I write top-quality study notes, mostly on tech, games, education, and solutions/tips and tricks. I am a person who helps students to acquire knowledge, competence or virtue.
