Cybersecurity strategy to drive targeted growth – Karen Massa
COVID-19, relentless cyberattacks, insufficient budgets and complex regulations are some of the reasons cited by information security leaders as to why a robust cybersecurity strategy is more important than ever.
Additionally, domestic and transnational regulators have warned of a predicted increase in cyberattacks emanating from Russian threat actors, as geopolitical conflicts spill over into cyberspace.
The 2021 EY Information Security Survey actually showed that 81% of executives globally believe the COVID-19 pandemic has forced organizations to circumvent cybersecurity processes, while 77% of organizations have seen more disruptive attacks over the past 12 months, up from 59% in the 2020 survey.
Most respondents indicated that preventing attacks by external actors has grown in importance over the past year.
Moreover, the profile of the average decision maker has changed over the past three years. Traditional decision makers, such as CIOs and CISOs, share their influence with non-IT executives, such as CEOs, chief financial officers (CFOs), legal and compliance managers, and business unit heads. Additionally, corporate boards are demanding more detailed information about their organizations’ security posture.
The survey results also reveal that simple actions taken now can mitigate current and future vulnerabilities and reap substantial benefits later. These include in particular the following:
Focus on zero trust
A holistic approach to security integrating different cyber principles across people, processes and technology. The fundamental concept behind this strategy is the assumption that there are threat actors inside and outside the organization, so that nothing can be trusted, whether man or machine.
Educate and engage your board
The board should be interested in preventing data breaches and committed to prioritizing cybersecurity needs. Organizations should proactively create a board-level executive dashboard to increase visibility into cybersecurity issues.
Strengthen the role of the Chief Information Security Officer
With the onset of the pandemic, 55% of cybersecurity leaders believed it gave them an opportunity to position themselves as strategic business partners. Security managers need to be bold and go beyond the back office. They must be confident in presenting the competitive advantage that cybersecurity teams can bring to their leadership teams.
Concepts such as “Privacy by Design” and “Security by Design” offer security managers the opportunity to be much more integrated into the company’s go-to-market activities. It’s a way for security leaders to add value to organizations as we navigate an uncertain world.
Spend now, save later
According to the survey, companies that have recently experienced a breach expect to spend more in all areas of security, with vulnerability assessment and access control being the top areas of investment. To protect themselves, organizations need to build cybersecurity capabilities not only to prevent attacks, but also to mitigate damage and shorten recovery time.
The study found that companies’ cybersecurity budgets have increased over the past three years and that spending is expected to increase in the coming years. Going forward, the largest increase in spending is expected to be in endpoint security solutions, followed closely by network and data center security.
It is important to note that there is no “one size fits all” solution for cybersecurity. The level of investment and the budget should be commensurate with the risk appetite of your business. Either way, companies should not wait for a breach to occur before evaluating what practices may be appropriate for the company.
EY’s cybersecurity, strategy, risk, compliance and resilience teams help organizations assess the effectiveness and efficiency of their cybersecurity and resilience programs in the context of business growth and operational strategies. These offerings apply consistently regardless of where they are applied (information technology, operational technology, cloud, etc.), provide a clear measure of risk and capture current risks to the organization, and demonstrate how cyber risks will be managed in the future.
Our services can be tailored to the nature, size and risk profile of the organization and can be combined to form a larger transformation program or effort.
Karen Massa is Head of Business and Technology Risk Advisory at EY Malta.
EY Engage, Malta’s tech leader forum, will be held at the Westin Dragonara Resort on June 1 at 11:30 a.m. The event explores how IT enables organizations to become resilient and competitive in times of disruption. Speakers include Pascal Bornet, world-renowned keynote speaker and author of the bestselling book Intelligent Automation.
Networking opportunities, panel discussions covering current industry topics and a panel discussion will also provide a unique setting to collaborate on current industry challenges and trends. To register, go to ey.com/en_mt/events/engage