What all business leaders need to know about cyber security
Remote working has been steadily growing worldwide over the last decade, but the COVID-19 pandemic forced the world’s hand and made this method of work mainstream. When businesses have the majority of their workforce working from home, what are the implications for cyber security and threat management?
In the US, IBM Security’s 2019 Cost of a Data Breach Report suggested the average financial implication of a typical data breach now sits at a staggering $3.92 million. For this reason, cyber security and data protection commonly rank among the top priorities for businesses who rely on technology to function.
Customer data remains the primary target for breaches due to its value for a range of criminal activities and saleability to third parties, but it’s certainly not the only prize. IP theft, supply chain disruption, sensitive systems access and reputational damage campaigns are just some of the big picture matters that mitigation and management strategies need to consider. However, although staying abreast of current trends and techniques is useful, developing a solid understanding of fundamental information security concepts should sit at the heart of a more strategic outlook.
Dr Atif Ahmad, Deputy Director of Academic Cyber Security Excellence at the University of Melbourne, has outlined the following areas of focus for those managing assets, teams or approaches across the board:
New world, new ways
“The modern organisation exists in a brave new world, where its information systems are both a critical asset that sustains its competitive advantage and a source of operational and strategic security risk. For this reason, and with bottom lines increasingly tied to information itself, successful internal and external management of this resource should be shaping the strategies and operations of businesses who have an innate cause and capacity to not only use information, but to protect it. With complex digital ecosystems now deeply rooted in the success of many businesses, it’s more important than ever that prioritising the safeguarding of information sharing and storage is viewed as a driver of productivity and profitability.”
From support to strategy
“Organisations need to address how to transform the way they perceive, resource, structure and use their information security function. Initially, a key area of focus should be empowering the existing IT security function to overcome the foundational and operational constraints of its 'IT support' tag and take on a more active strategic role in defending valuable information and surrounding systems from attack. The traditional delegation of responsibility for technology challenges to IT professionals trades on the opinion that these are not business problems but tech problems, meaning change can be hard to imagine or implement when the nature of business is evolving, and knowledge remits are entrenched.”
Valuing information in the information age
“The question of how best to determine the value of an information pool exploding in size and influence is something organisations need to address by developing greater expertise in the field, but which many aren’t adequately equipped to do even though data is becoming ever more intrinsic to their offerings and operations. For information value projections to be robust, they must be created in collaboration between those responsible for the storage, protection, access and analysis of the assets – AKA the IT function – and those stakeholders who operate at the pointy end of transforming data into business value via decision making.”
The truth about threats
“The majority of businesses are interested in protecting their information, but if many still believe that securing it is a technical issue subject predominantly to faceless external threats such as hackers, then they may be blindsided by the reality. Whether deliberately or inadvertently, research has shown that the people or culture of an organisation are usually more likely than hackers to be responsible for breaches, social media sharing of confidential information being one example.”
Securing assets from the inside out
“Increasing employee understanding of how the ways they engage with people, computer systems and physical collateral can determine the ultimate effectiveness of a security program is vital. Sustained training, education and awareness all have a part to play in an organisation decentralising ongoing asset protection from the IT division exclusively – security should be everyone’s business in today’s technology-fuelled industries and workplaces.”
Ensure your organisation is equipped to identify and assess cyber risk by studying the Cybersecurity in Organisations Melbourne MicroCert course.
With special thanks to:
- Deputy Director of Academic Cyber Security Excellence, Dr Atif Ahmad, the University of Melbourne
- EY. (2018). Is cybersecurity about more than protection? Retrieved June 9, 2020, from https://assets.ey.com/content/dam/ey-sites/ey-com/en_ca/topics/advisory/ey-global-information-security-survey-2018-19.pdf
- IBM. (2019). 2019 Cost of a Data Breach Report. Retrieved June 9, 2020, from https://securityintelligence.com/series/2019-cost-of-a-data-breach-report/?mhsrc=ibmsearch_a&mhq=Cost%20of%20a%20data%20breach%202019&_ga=2.19777467.2008483632.1610090629-520608004.1610090629
- Short, J. E., Todd, S. (2017, March 3). What’s Your Data Worth? MIT Sloan Management Review, Spring 2017. Retrieved June 9, 2020, from https://sloanreview.mit.edu/article/whats-your-data-worth/