Optimizing your cybersecurity strategy | 2021 Roadmap

Four in 5 companies have seen an increase in cyber attacks this year, likely fuelled by the COVID-19 pandemic. Phishing attempts have risen 600% since the end of February. Organized crime gangs account for 55% of attacks and human error accounts for 22%.

Source: Fintech News

More and more companies are accelerating their digital transition while investing time and effort in security infrastructure upgrades – all with very few results. What are they doing wrong? Why is their cybersecurity strategy not paying off during these critical times?

Security is a business decision, not a product. Business transformation is more than ambition fueled by technology. It is a major change in business thinking. It is about asking the right questions and changing business models through innovation.

Time for a reboot: here are a few challenges and misconceptions to overcome when designing an efficient cybersecurity roadmap:

• Treating security as a purely technical problem – this leads to poor investment decisions and in-box thinking. Cyber security is about people, processes, and technology.
• Metrics are king – monitoring past indicators like the number of monthly attacks won’t keep your data safe. Focus on what you can control: optimize the governance model.
• Hiding behind regulations – compliance is not protection. Execution defines security results. Avoid overspending, choose an IT partner that doesn’t charge you for compliance audits – these should be default.
• IT investments based on unrealistic expectations – learning from mistakes and having clear-cut and feasible action steps are mandatory for healthier security habits.
• Putting frameworks over context – cybersecurity standards like NIST or ISO 2700x are not enough when businesses evolve past a certain maturity level. Contextualization becomes stringent, an agile approach on IT management is now mandatory.
• More budget means more security – more money doesn’t always mean better protection. Choosing a multidisciplinary IT provider is the way to go for good ROI and high grade security.
• Not fully understanding third-party risks – outsourcing major business functions can be catastrophic. To avoid this, the security team must be fully involved in the decision alongside executives.
• Zero tolerance for cyber security risk approach – this is unrealistic. Effective risk decision making and contingency plans should be at the core, not impossible objectives.
• Fixating on current and recurring threats – security readiness through agile investments and constant IT optimization should be the priority. Owning what you can influence and staying alert, not only reacting to an ever changing environment.
• Choosing control over performance – most CIOs and executives worry more about having IT control than actual results. Outcome-Driven Metrics (ODM) are a great cybersecurity prioritization tool by enabling business-relevant communication across the team.

Adapt to survive, keep up to protect your business

Think bigger. Act fast, start now! If you don’t have a cloud-based IT infrastructure in place, you are definitely missing out, and your business data is very vulnerable.

Source: Gartner

Cybersecurity Roadmap | 10 Action Steps to get you started

1. Assess and update your cybersecurity performance and processes;

2. Identify IT infrastructure costs that can be optimized;

3. Consider upgrading cybersecurity capabilities through smart IT outsourcing;

4. Adopt Cloud-based IT or assess your Cloud vulnerabilities;

5. Bulletproof your remote work network through education and tech;

6. Set up or strengthen Backup and Disaster Recovery tools and procedure;

7. Stay compliant with GDPR and other industry laws and regulations;

8. Train your employees and make sure they follow data protection best practices;

9. Make employee retention a priority and consider adopting the lean team approach;

10. Make sure executives and technical staff are working together for innovation and business growth

“By 2023, 30% of chief information security officers’ (CISOs’) effectiveness will be directly measured on the role’s ability to create value for the business.” This means that we are witnessing the rise of collaborative leadership with shared responsibility, that cybersecurity is no longer solely tech-led, but a key topic on the CEO’s strategic agendas and an operational focal point.

The Agile Cybersecurity Strategy | Core Principles

1. Choose an adaptive security framework

Adopt methodologies that proved to be effective, for example CARTA – continuous adaptive risk and trust assessment. Or create your own – build agile development environments and enable stronger, more stable ecosystems with the help of reliable, best-in-class partners.

2. Detect and prevent

Find the cause of breaches, not the people to blame. Use anti-phishing behavior management (APBM). Protect the email gateway. Isolate vulnerable systems. Reduce reliance on static personal data, increase dynamic data for identification. Innovate, test and monitor periodically, not only in turbulent times. Stay alert!

3. Build trust through collaboration

The new digital business ecosystem demands a shift from check-box compliance to risk decision making – through efficient, people-centric communication that is adding business value.

4. Nurture and seed talent

Invest time and resources in your hiring and employee experience strategies, good cyber security talent is in great demand right now. Consider alternative locations with emerging talent pools, or partnering with IT teams.

Source: Gartner