Scrutinizing your cybersecurity strategy through a digital risk lens

Credit to Author: Hervé Coureil | Date: Thu, 29 Nov 2018 11:42:38 +0000

The Symantec 2018 Internet Security Threat Report[i] mentions a 600% increase in overall IoT attacks in 2017. It’s clear: cyber threats and incidents are a major operational risk every enterprise faces along their digital transformation journey. That’s why we believe that implementing a cybersecurity strategy that is viewed through the lens of digital risk is imperative.

McKinsey estimates there are 120 million new malware variants developing every year[ii], showing how cyber attacks are becoming more and more relentless. We must heighten end-to-end digital risk measures and operate with a cyber-resilient mindset at every step.

For companies embarking on digital transformation, risk today goes well beyond a sole connected object, or database. It now spans the full extended digital enterprise, including supply chain and partners. Managing digital risk therefore must be framed by a business-driven strategy, as “Organizations can no longer evade the truth that digital has become the need of the hour and the most effective enabler for creating a differential and unique competitive advantage” (Deloitte) [iii]. This strategy should be clear and communicated across the company, as

“78% of Board decisions are regularly influenced by risk data per Gartner.”[iv]

4 ways to stay ahead of cyber risk

Only 30% of CIOs, in conjunction with CISOs, take cross-organization steps to drive a business-led approach to digital risk [iiv]. We can do more. Start by re-framing cybersecurity as a business conversation instead of a technology one. Rethink cybersecurity as a continuous, always-on, proactive activity — not a task or a cog in a process.

Within this context, here are 4 items that we believe are important while implementing an effective risk-based approach to cybersecurity:

  1. Look at cyber from all perspectives. Cyberattack scenario planning is often a good starting point, as it makes you think from the perspective of the attacker. Model threats and make cyber risk scenarios tangible from a bottom-line standpoint (i.e., cost, reputation, business disruption, supply chain impact). This approach makes cyber a business conversation, not a technology one.
  2. A blast-all stance simply won’t work with cyber. Trying to do everything at once accomplishes nothing except to make prioritization impossible and the impact of each project or effort less than it should be. Instead, using concrete risk scenarios — as mentioned above — allows you to be efficient at prioritizing prevention, detection, response, and recovery plans. In this way, you can target funding to the best use.
  3. Cybersecurity no longer is about just protection. It demands a layered in-depth approach, from identification to recovery. Schneider Electric uses the NIST framework to guide its end-to-end cyber strategy. Regarding digital security only as a matter of building thicker walls slows down everything and creates barriers. But if you think of cybersecurity as spanning everything, you can take a proactive approach and drive digital innovation as an inherent part of your security framework.
  4. Strengthen your cyber posture by learning as much as possible about each and every incident. And be sure to share debriefing information across your extended enterprise and digital ecosystem, including partners, customers, and authorities. Doing so allows you to correct processes, plans, and risk scenario modeling. The recovery phase is critical. It is during this phase of the NIST framework that your cyber muscles become stronger, making you faster to beat the next event.

Improve your cybersecurity resilience

In a digital world, no company can become a castle. Building a higher wall isn’t the answer.

“It’s time to think about your entire digital ecosystem with a wide view that sees beyond the boundaries of your own firm.”

And consider welcoming cyber partners into your ecosystem to build a robust, holistic posture.

Within its extended enterprise, Schneider Electric cultivates strong cyber and AI partnerships with Industry 4.0 security experts and specialists in threat prediction and prevention to build resilience at the convergence of IT and OT infrastructure. Our customers, too, can reap the benefits of our ecosystem to secure their own critical sites by leveraging Schneider’s Industrial Cybersecurity Services.

A digital risk strategy, bolstered by cyber partnerships and the extended digital ecosystem, is a great asset in your digital journey — and the best way to see the road ahead clearly at every turn.

 


[i] https://interactive.symantec.com/ISTR?CID=70138000001MD17AAG
[ii] McKinsey Cybersecurity and Cyber risk Service Line, cited in “Digital and Risk A new posture for cyber risk in a networked world,” March 2018.
[iii] Deloitte, “Managing Risk in Digital Transformation,” January 2018 https://www.gartner.com/en/conferences/na/security-risk-management-us
[iv] Gartner Annual Security and Risk Survey, February – March 2017 https://www2.deloitte.com/content/dam/Deloitte/in/Documents/risk/in-ra-managing-risk-in-digital-transformation-1-noexp.pdf
[iiv] Gartner, Analyst(s): Rob McMillan, Paul E. Proctor, “Cybersecurity and Digital Risk Management: CIOs Must Engage and Prepare.” Published: 17 January 2018 ID: G00349114

The post Scrutinizing your cybersecurity strategy through a digital risk lens appeared first on Schneider Electric Blog.
