[BreachExchange] Business resilience should be a core company strategy, so why are businesses struggling to take action?

Tue Jan 22 20:20:33 EST 2019

https://www.helpnetsecurity.com/2019/01/22/business-resilience/

A recent survey showed that only 51% of U.S. business decision makers say
their organization is definitely as resilient as it needs to be against
disruptions such as cyber threats. In addition, the survey showed that 96%
of U.S. business decision makers claim business resilience should be a core
company strategy.

If 96% of business decision makers realize this, why are organizations
still struggling to protect themselves against cybercrime and
technology-based disruption?

IT teams face major obstacles

The speed of innovation and complexity of technology have led organizations
to purchase multiple tools to try and solve IT security and operational
challenges. This has stressed their teams, which spend a lot of time
configuring and managing these tools, and also created a fragmented
collection of endpoints, any one of which could be a threat vector.

Point products and disconnected services haven’t made organizations any
more resilient against disruption. Although 96% of survey respondents
understood that working toward business resilience would be core to the
company strategy, most organizations are still struggling to achieve it.

The study highlighted that several barriers to achieving business
resilience remain, including clear challenges between internal
organizational structures and access to the right skills and technology.
When asked what they think are their organization’s biggest barriers to
being resilient against business disruptions, about a third (33%) of
respondents said they believe that hackers are more sophisticated than
their IT teams, and just around one-fifth (21%) don’t have the skills
needed within the company to accurately detect cyber breaches in real-time.
In addition, 22% of survey respondents claimed that poor visibility of
entry points are barriers to resilience.

Many organizations also don’t realize how exposed they are. Just over a
third (33%) of organizations admit they could not accurately calculate the
loss of revenue and productivity from a cyber attack, and just over a
quarter (28%) believe they wouldn’t be able to calculate the cost of
response efforts.

Everyone’s responsibility

When asked who they felt was responsible for achieving business resilience,
many of the respondents were unsure where the responsibility lies. While
30% of those polled believe the CIO or Head of IT should be responsible,
32% believe every employee should be held accountable for practicing safe
security practices. Only a fifth (19%) believe that either the CEO or
senior leadership team are the ones fully responsible for the company’s
business resilience.

In reality, it’s up to every member of the organization to help build a
resilient business. Many companies require security training workshops at
the beginning of employment, which is a great first start, but just that –
a start. Security posture takes practice. It’s up to every member of the
team to learn about security threats and how to safeguard against them to
ensure the company can stay resilient.

Laying the foundation for a resilient culture

As organizations look to build a strong security culture and achieve
business resilience, it’s crucial that they have the right strategy in
place. This means having the right personnel, processes, and solutions to
combat threats and mitigate risks. In the event of a sophisticated attack,
unpatched software or an employee visiting a compromised site or clicking
on a malicious link, it is essential that IT can view all endpoints across
the entire network with the ability to thwart potential threats immediately.

In order to achieve business resilience for long-term growth, there must be
a shift in the way we look at security, and a culture needs to be built
from the top down. Business resilience shouldn’t fall on the shoulders of
one group or person; it’s a team effort. Prevention and recovery can no
longer be the standard approach to securing businesses – they too often
leave us several steps behind attackers. Instead, organizations need to
ensure that their data is accurate and actionable, and that starts with
having real-time visibility and control over all computing devices. When
you can achieve that, you’re on your way to building a resilient business.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20190122/20ee34ef/attachment.html>