[BreachExchange] It’s time to think differently about cyber security. Here’s how

Thu Jun 22 18:59:06 EDT 2017

https://www.weforum.org/agenda/2017/06/how-to-win-the-cyber-war/

Whilst the Fourth Industrial Revolution is opening up new opportunities for
organizations to embrace emerging technologies, rethink business models and
improve the lives of employees and customers, it also has a darker side –
increased security risks.

The recent unprecedented WannaCry ransomware attack that affected
organizations in over 150 countries highlights the exploding threat
landscape that we face today.

Denial is no longer an option

Every business, financial institution, telecoms provider, energy company
and government should now consider itself to be under threat from cyber
criminals intent on causing devastation for gain. This ever-growing network
of cyber criminals is intent on developing the most advanced attack methods
to penetrate systems.

The cyber landscape becomes more perilous by the day – nearly 12 million
new malware variants are discovered each month. The UK Government’s Cyber
Security Breaches Survey 2017 found that almost seven in 10 large
businesses identified a breach or attack last year. What’s more, businesses
holding electronic data about their customers were far more likely to be
compromised than those that didn’t.

Forward-looking companies are thinking not only about how criminals can
gain access to networks, but also what they do when they’re inside.

We need to respond to threats

We all accept that business plays a key role in determining the success of
a nation, and that national decisions impact on business; this
interdependence now extends to cyber security.

The only effective response to this level of cyber attack is a major step
up in cyber security to give us national-level insight and oversight that
will work closely with industry and government. Those of us with national
responsibilities, the leaders of nationally-important businesses, and major
institutions, need to unite to fight. We need to lead a defence strategy
against this cyber warfare at a national level, bringing the best minds and
tools together to protect assets.

Risk vs opportunity

But digital risk and opportunity are two sides of the same coin. Despite
the risks, you want your organization to make the most of what digital
tools it has to offer. You want your people to be able to work flexibly and
efficiently using devices and the cloud. And you want your network
infrastructure to benefit from the power and agility that digital
innovation brings.

To gain the trust of employees, customers, partners and regulators in the
digital economy, organizations must have strong security. Companies that
get this right will enjoy such high levels of trust that their customers
will look to them as guides for the digital future. Those that get it wrong
will be hindered in their growth and face threats to their data, customers
and reputation.

Rethink the risk

It is time for organizations to look differently at cyber security, and how
they can rethink the risks of operating in a digital world to deliver
inclusive growth.

Cyber security has stepped beyond the realm of pure cyber security
specialists. To take advantage of new opportunities, and develop as a
business, you have to make sure security is a part of your wider business
strategy. An important part of this is to appoint a Chief Digital Risk
Officer (CDRO).

A quarter of organizations already have a CDRO in place, and this role
combines digital expertise with high-level management skills. The position
has emerged as part of a redefinition of digital roles, and it has a huge
amount of potential. Individuals in this position can develop policies and
practices that allow organizations to create new, better ways of working,
deliver better services to customers and streamline back-office systems.

It’s just one of the ways that security can make sure your organization
enjoys more opportunities than it would otherwise.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170622/731011ff/attachment.html>