4 Steps to Improve the Cybersecurity Strategy of Your Organisation
By Arijit Banerjee
According to the Cisco Annual Cybersecurity report, Indian companies lost $500,000 to cyberattacks in just 1.5 years. This eye-opening statistic makes one thing clear: in this boundary-less world where data is ubiquitous, organisations need to develop cybersecurity programs that focus on critical assets and interactions, and provide multi-layered defence for organisations and people. Organisations need not only to proactively assess their cybersecurity strategy but also to incorporate new technologies such as artificial intelligence and machine learning to prepare for inevitable risks and operate securely.
Follow this four-step guide to re-position your cybersecurity from a defensive strategy to a proactive business enabler:
#1 Define goals and hire the right people: The path to cybersecurity success begins and ends with setting realistic goals aligned with business objectives. This requires prioritising specific information security needs, performing in-depth analysis of security vulnerabilities, and building metrics to analyse existing security programs. Most importantly, it requires people with the right skill sets. 45% of organisations experience a significant shortage of cybersecurity skills.
Leverage analytics to determine specific IT-related risks, and create measurable security training programs for developers, system architects and analysts. Once all the goals are set, review them periodically and set deadlines for achieving them.
#2 Benchmark performance and calculate ROI: Various studies suggest that nearly one-third of organisations make blind security investments. This makes measuring security effectiveness a challenge and hampers performance. With companies investing several lakh in cybersecurity technology, it is critical to evaluate the business impact and risks related to cybersecurity investments. One way to do this is to benchmark cybersecurity performance and determine the ROI on your cybersecurity investment, using the Return on Security Investment (ROSI) equation. The equation integrates the risks and costs related to a security incident with the impact of the security solution.
#3 Test for gaps: A security gap happens when firms fail to maintain an effective inventory of the assets that are vulnerable to threats, such as servers, smartphones, tablets, workstations and applications. Annually evaluating which devices hold what data is fundamental to putting the right cybersecurity measures in place. Deploy penetration tests to simulate real-world cybersecurity attacks, identify key risks, and close the gaps. Organisations can also create virtual environments to launch and test real cyberattacks. For instance, Wells Fargo launches fake cyber threats every quarter in their cyber range. This helps organisations better prepare for and recover from attacks.
#4 Keep innovating: Increasing digital connectivity and process automation have significantly raised the risk of high-impact threats. Leverage emerging technologies such as artificial intelligence and machine learning to help detect anomalous behaviour. Take a page from Google’s cybersecurity playbook. The company uses deep learning to detect phishing and malware in its Play Store. In addition, they use behavioural analytics to analyse micro as well as macro entities that have access to information to prevent hacking, without any human intervention.
It’s important to understand that it’s impossible to secure all aspects of an organisation. Instead of creating a perfect security posture, it is more effective to periodically audit and understand where the most valuable data lives. Such an approach can help draft effective security policies and implement a mix of products and solutions from a cross-section of vendors. However, your tools are only as strong as your people. So find a right-fit training provider who can upskill your employees in cybersecurity, and ensure that your security consultants apply best practices to maximise IT efficiency and protect valuable data.