7 best practices for combating cybersecurity risks

In 2018 alone there have been more than 600 cybersecurity data breaches, exposing more than 22 million records, with no clear end in sight.

Despite the massive number of breaches, Deloitte recently found that only 25 percent of organizations are scenario planning to defend against these attacks. With consumer and employee displeasure with corporate leaders only continuing to grow and calls for regulation coming from elected officials, it is crucial that leaders begin to regulate themselves by prioritizing cybersecurity to make their business stronger.

As we approach the end of the year and move forward into a year with new cyber risks, here are seven tips to avoid and combat cybersecurity risks.

War Game & Scenario Plan

Deloitte recently found that only 25 percent of organizations are war gaming or scenario planning for cyber incidents, despite the massive number of breaches this year and despite war gaming being the best way for businesses to plan ahead and defend against these attacks. In 2019, leaders must push their organizations to plan for and monitor for these attacks.

View Cyber Risks Through a Business Lens

Cyber risk reports often focus on technical details and technological risks. Yet, leaders, CEOs and board members should view cyberattacks as business risks and think about the holistic impacts that cyber breaches can have on business reputation, company culture, and profitability.

Manage the Extended Enterprise

Leaders must also pay special attention to their organization’s extended enterprise and the security flaws these partners could expose. Deloitte recently found that a majority of CEOs fail to hold their extended enterprise to the same risk standards as their own organizations, and that leaders see IT providers as the third parties that pose the greatest threat. These third parties expose the organization to significant cyber threats. But because these providers are external, they’re beyond management’s direct control. It’s critical that IT vendors are effectively managed and that the entire enterprise is held to strong security standards in 2019.

Increase Investment in Threat Detection

In 2019, leaders must increase investments in enhancing cyber threat intelligence and analytics capabilities. Deloitte recently found that leaders are least likely to invest in improving threat detection, while more board members than CEOs cite new technologies as a priority. Prioritizing threat detection will be a key opportunity in 2019, and CEOs and board members must align on investment strategy in order to move forward.

Integrate IT Security with Business Risk Management

The traditional discipline of IT security, isolated from a more comprehensive risk-based approach, is no longer enough to protect organizations. To grow, streamline, and innovate, organizations must integrate IT security into leadership and business decisions in order to keep pace with the evolution of cyber threats.

Involve Leaders

CEOs and board members rank cybersecurity as their greatest concern, but only 30 percent on average describe themselves as highly engaged in the area, signaling the need for more robust cyber risk strategy, governance, and management frameworks given today’s increasing dependence on technology. To engage senior leaders, the CIO and CISO should develop business-focused cyber risk reporting that concentrates on business impacts and risks, rather than overly technical reports. Engaging senior leaders in cyber is key to moving from simply identifying security threats and fixes to defining business impacts, governance methods, risk escalation steps, and organizational responses.

Utilize Threat Intelligence Programs

Companies can use threat intelligence programs to proactively identify and monitor risks. For example, Deloitte’s Insider Threat and Predictive Risk Intelligence programs identify and “disrupt” internal and external issues that could open the company up to cyber attacks.
