Lock down cyber security planning
10 Sep 2018
Making your digital assets safe means investing in cyber security. Peter Graham, from DXC Technology, is a specialist in the area and was a panel speaker at CCI’s 2018 Cyber Focus Forums. He helps clients predict attacks and respond to threats to their data, applications, infrastructure, and endpoints. Understanding cybercrime may not make your organisation safer, but reviewing your security standards with the help of an expert can make a big difference.
“Cyber incident readiness is finally an issue at the highest level of management, and needs to be driven by The Board and CEO who can no longer afford to ignore the urgent need for adopting a response plan,” he explains.
Read our article “Cyber security, a discussion for senior management” to learn more.
Graham sees building resilience as integral to an organisation’s broader operational security.
“Computer networks and systems all around the world are now vulnerable all the time, because the bad guys are getting better at what they do, and they use more sophisticated ways of causing damage that spreads quickly.”
The Center for Strategic and International Studies (CSIS) with McAfee tracked the cost of cybercrime in their research studies. The Australian Government’s online reporting system had recorded more than 114,000 instances of cybercrime over the last three years, with almost 24,000 in 2017.
A report by the World Economic Forum (WEF) on advancing cyber resilience advises organisations to have durable networks and systems and manage their digitisation well. It must come as some relief to organisational leaders that they can now source tools and principles for building a more secure environment. Some are available through the WEF report but many organisations are engaging directly with industry experts, like Peter Graham, who represent specialist security firms.
Note the importance of a cyber incident response plan.
“Once you have the tools and your principles worked out, you can create a cyber incident response plan and make sure everyone knows their role in carrying it out,” says Graham.
The resources are designed to support strategic decision-makers, at both Board and CEO level, to ensure accountability for cyber security throughout the organisation.
“The Board needs to think about delegating the right people for accountability roles, because they will be regularly reviewing cyber resilience and ensuring there is also independent assessment of cyber security measures outside of the organisation.”
Recognising that actions taken before an incident can be key to mitigating a threat, Boards should understand risks and make cyber risk reporting a standing agenda item at Board meetings.
Note the importance of a cyber risk framework.
A framework will clarify threats, vulnerabilities, the values at risk (reputational and assets), and responses for your organisation.
Many common cyber threats are so obvious they are becoming invisible because of the exponential growth of physical and cyber-related systems, and the Internet of Things labyrinth.
According to a report by The World Economic Forum, 88% of market leaders surveyed about cyber resilience believed businesses were not ready for the risks and challenges presented by the Internet of Things.
As Graham says, “talks around cyber security need to shift to a whole-of-business discussion and move on from circular conversations within an IT department. Everyone within an organisation must be aware of their role in protecting digital assets, as well as physical ones. This conversation needs to come from the top and action needs to be directed from the top down.”
For more information, view Peter Graham's video on Changing the way we think about data.
"Cybercrime is the greatest threat to every company in the world."
Ginni Rometty, IBM's chairman, President & CEO
Defining an organisation’s risk appetite, assessing its risk profile, and risk benchmarking will involve analysing demographics and costs versus responses and threats. Boards can potentially reduce damage costs caused by cybercrime by making ongoing improvements to their cyber security.
Graham sees rapid growth in the demand for expertise in cyber security. The Forum’s report predicts more partnerships, public-private cooperation, and increasing leadership roles specific to cyber security control within organisations in the future.
“You can be sure the necessary investment to improve cyber resilience is going to become an important cost of doing business for all companies,” says Graham.
The World Economic Forum’s Advancing Cyber Resilience project engaged Board members at leading companies, across industries globally. Almost 85% of participants agreed better cyber resilience tools and education are sorely needed to provide proper oversight of an organisation’s cyber security.
Who can keep track?
The impact of the Fourth Industrial Revolution is a proliferation of emerging technologies. Physical devices with internet-enabled connectivity become cyber-physical systems and a conduit for business disruption. The Internet of Things equals hyper-connected devices.
About Peter Graham
Peter is an Information Security consultant with over 25 years of experience working across IT Governance, IT Risk Management and Audit/Compliance, Data Protection frameworks, PCI DSS Compliance, IT Security, Business Continuity and Disaster Recovery. He has applied his skills in multiple industry sectors and completed several international assignments and secondments, including a global B2B project implementing IT Security, recovery strategies and infrastructure requirements. He leads IT Governance, IT Security, Assessment and Compliance, Risk Management and Business Continuity projects across a range of industries.
World Economic Forum: Future of Digital Economy and Society System Initiative, Advancing Cyber Resilience: Principles and Tools for Boards, In collaboration with The Boston Consulting Group and Hewlett Packard Enterprise, January 2017
James Lewis, Economic Impact of Cybercrime—No Slowing Down Report, https://ia.acs.org.au/article/2018/cost-of-cybercrime-soars.html