Cyberattacks targeting the corporate world continue to increase. Terms like cyber espionage and corporate hacktivists are being thrown around over many boardroom tables these days, with decision makers expressing massive concern. The reality is that the cybercriminal world is evolving at a fast pace, while businesses are struggling to keep up.
While the boardroom has become aware of the importance of strong cyber approaches, often (and painfully) more effective cyber strategies are only looked into after an event has already occurred. In fact, the 2015 KPMG Global CEO Outlook study noted that nearly a third of CEOs list cyber security as the issue that has the biggest impact on their company today, yet only half feel prepared for a cyber-attack.
It has become evident that at a time when attackers are moving swiftly, the traditional approaches to IT security are no longer sufficient. A new way of thinking is needed. In fact, a change in approach and mind-set to effective IT security for today’s business is both necessary and long overdue.
The first step in developing a changed mind-set as a business owner is to understand the mind of the cybercriminal and, of course, how they operate. The cybercriminal operating in this century can be considered a ruthless and resourceful entrepreneur with an end goal of financial gain. These cybercriminals are not just your ‘average Joe’ operating underground who can cause minimal damage. These criminals work off clearly defined and effective business models – aimed at causing damage.
This has resulted in the need for businesses not only to protect company data and network infrastructures, but also to develop cyber defense strategies that extend beyond the prevention of systems breaches. Such strategies should incorporate a wider range of IT security measures aimed at making it much harder and more expensive for the criminals to use the information they procure or trade. Businesses should hold this view: the more precious the data – whether it’s retail customers’ payment details or customers’ intellectual property – the more urgent the need to protect it.
Furthermore, businesses need their cyber security divisions to be as creative and agile as the cyber attackers. This means not only using technology and software together for effective protection, but also remaining aware of the cybercriminal landscape, the movements and changes in this industry, and trends at any given time. Given the pace of research and development in the cyber economy, businesses today need to place a focus on harnessing innovative technologies and approaches to effective IT security – to ensure that the approaches implemented today are as effective against the cybercriminal tactics used tomorrow and in the future.
Lastly, while most businesses are riding the technology and innovation train, considering the opportunities that being digital creates (driving efficiencies, serving customers better and increasing profits), it must be noted that with the use of innovative technology comes the element of digital risk. Businesses need to consider the risk the digital world brings when looking at a cyber defense strategy, and must develop a digital business model that is resilient to cyber-attacks and that can evolve with the business over time, to remain relevant and, of course, effective in the prevention of future cyber-attacks.
Considering all these important elements within cyber that need business attention, perhaps soon we will be seeing more organisations bring together a variety of cyber security functions to better serve an organisation and its cyber needs as a whole. This would also put an end to treating cyber security as just being about the protection of corporate IT systems in a world where boundaries are clearly vanishing. Effective protection today is about understanding what a cyber defense strategy needs to look like and what it should be made up of – to not only react to cyber threats, but more importantly to predict and prevent them.