Top honchos at leading companies are ramping up defences around their IT infrastructure in view of the escalating cyber threats, either by hiring cybersecurity support services or by enhancing the capabilities of their in-house cybersecurity team. They are supposedly on high alert and pouring in money to prevent recurrences of cyberattacks, such as the ones on Optus and Medibank Private. The stakes are really high, as brought out by the CEO of the National Australia Bank, Ross McEwan. According to him, the bank faces more than 50 million cyberattacks per month across its digital channels.
It is only due to the bank’s robust cybersecurity mechanism that such attacks are prevented from compromising its systems. However, given the ever increasing sophistication of attack vectors, enterprises have to be on their toes. They cannot take it easy after implementing cybersecurity measures, and have to keep it updated by complying with the latest industry standards and following best practices.
Cybersecurity: A Holistic Process
Cybersecurity should be the cornerstone of every business worth its name and is critical to fostering resilience across the value chain. CEOs must understand that managing cyber risks is a continuous process that must be carried out 24 hours a day, seven days a week. It is a holistic process encompassing assessing risks and vulnerabilities existing in the IT environment, designating critical infrastructure for protection, pursuing risk mitigation practices, and complying with mandatory regulations, among others.
Wayne Byers, the Chairman of Australia’s Prudential Regulator, stated at a parliamentary committee meeting that cyber attacks are going to happen irrespective of the measures put in place by enterprises. In no uncertain terms, this highlights the ominous portends for any digital infrastructure. As per a report of the World Economic Forum, prepared in association with the Internet Security Alliance, PwC, and the National Association of Corporate Directors (NACD), the principles for board governance of cyber risk are critical for enterprises to drive resilience. These principles are as follows:
1. Recognize cybersecurity as a strategic business enabler.
2. Understand the impact and economic drivers of cyber risk.
3. Align business needs with cyber risk management.
4. Create an organisational design that will support cybersecurity.
5. Integrate expertise in cybersecurity into board governance.
6. Encourage and enable the systemic resilience of the IT infrastructure.
The above-mentioned principles are a significant departure from the approaches enterprises are wont to follow, such as keeping breaches under wraps and underestimating the strategic nature of cyber risk. CEOs should take a proactive approach to business security by becoming cyber-aware and investing in strengthening cybersecurity capabilities. CEOs who take proactive steps to follow cybersecurity principles face significantly fewer cyber incidents, according to research. Further, CEOs who take a proactive approach to threats understand how resilient their systems are and how technology runs their businesses.
Make Cybersecurity a Part of the Business Culture
CEOs need to focus on ensuring optimal business performance, predicting cyber risks, and assessing their impact. In fact, they can prevent incidents of cybercrime from compromising their IT infrastructure by prioritising cybersecurity tasks and allowing for early intervention. Simply put, cybersecurity should be made a part of the business culture, where it becomes everyone’s responsibility rather than that of a select few individuals or teams.
CEOs should understand that attaining business goals does not run counter to enforcing cybersecurity measures, but rather they are aligned. Cybersecurity should not be discussed only in the wake of a major incident. It should be central to the overarching strategic business objectives. In fact, cybercriminals succeed as long as fundamental security issues continue to remain unaddressed. These issues may include employees failing to identify phishing emails, not monitoring alerts, unable to correlate events, and not offering prompt intervention, among others. So, the question remains:
1. Whether CEOs are investing funds in the key elements of securing their business infrastructure?
2. Do they know the key segments and why they need protecting?
Let us find out in the below-mentioned segment how CEOs can invest in implementing cybersecurity measures to secure their businesses.
How Do CEOs Strengthen the Defenses of Their Businesses?
As mentioned above, CEOs must take a holistic approach to implementing cybersecurity measures and not do so in a piecemeal manner. For instance, the Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies (aka the ACSC Essential Eight, or E8) for businesses to implement and mitigate incidences of cybersecurity. These strategies aim at addressing cyber threats, such as ransomware, targeted cyber intrusions by foreign intelligence services, external adversaries, and malicious insiders, among others. You may read the details of the Essential Eight strategies and apply them.
In addition to the Essential Eight strategies, CEOs must look at implementing other cybersecurity measures and meeting regulatory and non-regulatory compliances, such as ISO 27001, GDPR, APRA’s CPS 234, PCI-DSS, HIPAA, SSAE 18, and others.
Final Thoughts
Cybercrime has become more sophisticated and devastating in its impact than ever. As CEOs, it is important to understand the threats, the vulnerabilities in the business infrastructure, and the consequences. Remember, it is more critical than ever to invest in robust cybersecurity measures to improve organisational stability and drive cyber maturity.
Cybernetic Global Intelligence is one of the experienced cybersecurity companies working with organisations across domains and geographies to not only implement strong data protection measures but also ensure that compliance requirements are met. Call 1300 292 376 or send an email to contact@cybernetic-gi.com.