These days you can read about the economic forecast, and no one is optimistic. The trade war unleashed by the Trump administration, the uncertainty of Brexit and the slowdown of China's growth (one of the world's economic engines) are some of the main issues causing concern. Furthermore, Mario Draghi, president of the European Central Bank (ECB), and Christine Lagarde, managing director of the International Monetary Fund (IMF), have warned of the dangers that lurk, inviting countries to begin preparing for a potential world economic slowdown.
So far, nothing related to cybersecurity.
To continue setting the context: in early 2019 the Board Conference organization published the results of a survey with this striking headline:
“U.S. CEOs Are More Worried About Cybersecurity Than a Possible Recession”
A glance at the survey results reveals two explicit headlines:
- “U.S. CEOs rank cyber security as their #1 external concern for 2019”
- “In Europe, the compliance with data privacy regulation is ranked as 8th internal concern by CEOs”
Why?
The traditional methods do not take into account the wide range of the following issues related to …
- The variety, number and complexity of threats have increased, …the growing underground economy, ransomware, cyber-weapons, new classes of vulnerabilities, exploitation techniques, reverse engineering, etc.
- We are seeing these threats realized in ever more varied attacks that focus on social media, sophisticated credential harvesting and ways to manipulate foundational internet services.
- There is an endless list of data breaches that might trigger the collapse of targeted companies.
- Well-armed adversaries who use AI and machine learning are also ready for IoT manipulation.
This is scary.
What to do?
Procure new tools to build stronger walls? Sharper algorithms to predict risk? AI and machine learning to help outsmart cybercriminals? If you have the money, invest it. Otherwise, please take the following recommendations seriously:
- Adopt a robust and well-defined organizational security strategy or, failing that, at least an operational framework. If you do not know how to do it, please ASK!
- This is crucial for fulfilling business requirements:
  1. Take a risk-based approach, especially with areas in your company and employees. Take time to identify which areas/employees, from the top down, represent the greatest risk if a breach were to occur.
  2. Provide incentives and recognition for good behavior. Developing a security awareness program and updating it each year is very important, but it is better if employees feel that they play a relevant role in strengthening the security and control of the company.
  3. Set up policies. Hold employees accountable for their actions! That's why policies need to be set up and communicated.
  4. Invest in technology. Having a well-balanced security strategy paired with those technologies should be the goal of every company. Again, we can help you!
  5. Develop your security team. The scarcity of security professionals is a handicap, but you need to have an open mind. Today, recruiting talent requires a wider view of candidates who think differently and come from different places to deliver truly effective security.
  6. Work with security experts. Nobody knows everything! Those who face multidimensional issues on the front lines on a daily basis will help your organization. You know who…
- Last but not least, evangelize your company: too often security is viewed as a barrier, but ultimately it's the only way to help protect the enterprise from threats and avoid data breaches.
As Rohit Ghai, RSA President, mentioned during the opening conference in March: “We are not just protecting data and applications and infrastructures. We are in the business of protecting trust.”
Trust is to the economy what blood is to any living being.
A2secure is one of the best partners on this journey.
Author: Joan Balcells