Cybersecurity nowadays encompasses and affects almost all aspects of any technological business. Cybersecurity is no longer an issue that only security and IT professionals deal with. There must be a shift from cyber security being solely the responsibility of IT professionals into an understanding that it is a shared responsibility of an enterprise. A CISO must be able to wear multiple hats and be able to align a companies business strategy with their cyber one. Thus, it is essential that security is incorporated into the business process. CISOs should help business leadership in making this conversion possible.
Accelerated by the COVID crisis, yet present before is an increased need for speed-to-market, coupled with an acknowledgment of the risks involved. In the present economy, the amount of skilled cyber security professionals strongly lacks. KPMG recommends looking into alternative solutions for addressing this gap of professionals by incorporating gig economy workers and cyber security automation, for example. Additionally, CISOs are urged to attract a wider range of talents in cyber security, in order to break down barriers of inclusion and attract a larger group of talents to the field.
As cloud adoption has skyrocketed within organizations, the cyber security landscape has changed. The processes and skills required for ‘traditional’ cyber security may no longer apply to cloud cyber security. According to KPMG’s report, 90 percent of organizations may be vulnerable to security breaches related to cloud misconfigurations. CISOs need to work with their team to understand the cloud specific cyber security requirements and adopt security for the cloud. This should be done within the regulatory framework and take into account how regulations such as the GDPR or HIPAA would affect cloud security.
As millions of employees shift to remote work and purchase goods from anywhere in the world through their phones, it is increasingly important to place identity management and zero trust at the heart of business processes. Zero trust should no longer be viewed as a technology or feature, but rather a security standard. CISOs should make zero trust an approach to security, with identity being the central component of any zero trust model.
Automation often helps with freeing up resources that may be better spent than on mundane, repetitive tasks. This also applies to the field of cyber security, where vulnerability scanning, log analysis and compliance are being automatically executed rather than done by a highly skilled professional. Automation can help security professionals concentrate on truly critical assets rather than spend time on lower level threats that can be handled using automation. CISOs are encouraged to leverage automation to the full advantage.
At present, cyber security and data privacy are disciplines that seen as different and often operate separate from one another. As more awareness and recognition exists for data privacy there is an ever increased need to view privacy not as a standalone legal discipline but as a multi-disciplinary field. Privacy should be intertwined with security, where companies incorporate a privacy by design approach to their business.
Companies nowadays are more often dependent on robust supply chains and multiple business partners. Such dependencies result in 79% of cyberteams to recognize that protecting a business’s partner ecosystem and supply chain is just as important as building their own cyber defenses. This creates a network of businesses operating together and requiring an adequate controls to protect their own and partners’ data simultaneously. It is necessary to create a strong risk management framework that addresses the cyber risks within and outside the organization. This requires a proactive role by CISOs, using automation, continuous monitoring and zero trust models to help in achieving security beyond boundaries of their enterprise.
CISOs are encouraged in the KPMG report to initiate conversation with senior leaders within an organization on the assumption that a company is ready for a cyber-attack. A company resilient to cyber-attacks is one that assesses the key operational processes of business and strategy. CISOs should reframe the cyber resilience conversation to encompass a company-wide effort to mitigate cyber-attacks and identify the greatest risks.
Hopefully, this article brings thoughtful recommendations for you as an organization or CISO serving an organization. For a detailed overview, access the full report HERE.
The line blurring between work and spare time, and the widespread use of remote work mean that peo..
It is a volatile time for economy, which always leads to businesses being purchased and sold. For ..
It is no longer a question of if cyber incidents take place, but when they will take place. Based ..
Mihkel Kukk, Head of Cyber Security Services at KPMG, notes that, although great importance is att..
"Not dealing with information security should not be seen as an IT risk, but rather as a strategic..
Mihkel Kukk, Head of Cyber Security Services at KPMG, says that artificial intelligence cannot rep..
Provide a safe and sustainable business environment for your company. We help build a resilient and reliable digital landscape, even in the face of changing threats.
HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.
Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.
Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.