What can businesses do to build cyber resilience in 2020?
Defending against cyber threats is getting increasingly complicated. Hackers are using sophisticated tools and techniques while businesses struggle to evolve their security strategy to cover emerging threat vectors and the growing surface area of vulnerabilities.
With no definite cure or foolproof solution in sight, businesses need to find a way to bolster their defense with a security strategy that is fluid and responsive.
According to a recent study by Accenture entitled Innovate for Cyber Resilience, a group of organizations seems to be doing better than most when it comes to cybersecurity.
The report found that these organizations are 4x better at stopping attacks, 4x better at finding breaches faster, 3x better at fixing breaches faster, and 2x better at reducing breach impact.
Those statistics are great, so the surveying team looked into how the organizations built their cyber resilience and found that there were three things these leaders did differently. If other organizations make the same choices, they should have a strong chance of building up their cyber resilience as well:
# 1 | Invest for operational speed
Accenture’s team has found that companies that have an edge when it comes to defending themselves in cyberspace prioritize moving fast.
For leaders, operational speed in the cybersecurity division is measured by three factors: incident detection speed, post-incident recovery time, and cyber response time. Compared to peers that show poor cyber resilience, leaders place significant emphasis on these three factors.
Since stakeholders are impressed by results only, businesses that invest for operational speed also aggressively measure and track how many systems fell victim to an attack and for how long, and how soon breaches (not incidents) were detected, in a bid to fine-tune their strategy for better results.
Ultimately, the goal is to embrace the fact that attacks are common, and that damage can be significantly minimized if detection, response, and recovery speeds are optimized.
# 2 | Drive value from new investments
One of the most exciting lessons that organizations have learned from their digital transformation journey is that investments in technology yield significant rewards when scaled enterprise-wide.
It’s a lesson that leaders in the war against cyber attackers have remembered.
The study found that, compared to non-leaders, leaders are significantly more likely to scale up security tools they piloted.
The analysis also revealed that for the leaders best at scaling, only 5 percent of cyberattacks resulted in a security breach. For the non-leaders, 21 percent of cyberattacks resulted in a security breach.
Scaling security tools fast is something that non-leaders need to work on if they want to boost their cyber resilience in the near future. After all, cybersecurity programs for the best at scaling actively protect three-quarters of all key assets in the organization; non-leaders cover only one-half of their key assets.
# 3 | Sustain what they have
With cyberattacks getting increasingly sophisticated every day, it’s easy for companies to stay in a constant state of confusion. However, leaders concentrate on two things to keep their focus: maintaining existing investments and performing better at the basics.
Maintaining existing investments is key to leaders who prioritize sustaining the teams and tools they already have over scaling new capabilities or looking for new ones.
Non-leaders, on the other hand, tend to spread their budgets evenly between the three activities, which yields poor results.
Of course, the ultimate test of an organization’s cyber resilience is its ability to get the basics right. Most cyber attackers target customer records; hence, that’s where leaders are focused.
According to the survey, only 15 percent of leaders had more than 500,000 records exposed in the last year compared with 44 percent of non-leaders. That statistic speaks volumes about the security focus of leaders and provides direction to non-leaders about next steps.
5 October 2022