Cybersecurity is a tough business, and it's getting tougher. Threat levels increase every year. A range of bad guys from state-sponsored hackers to bedroom-based 'script kiddies' have got organizations in their digital sights. And, as the business world continues to undergo a digital transformation, pressure is ramped up on cybersecurity professionals by an exponential rise in the number of transactions, increased demand for open sharing, tighter regulation and rising consumer awareness of the value of their data. And if it all goes wrong, the effects on an organization can be catastrophic. Just ask Equifax.
So what to do? According to Jelger Groenland, our Cybersecurity Lead, there are some simple steps to mitigate your risk, maximise your return on security investment, and turn cybersecurity into a commercial positive for your organization.
1. Understand the trends driving security risk
Jelger says, "It's important for CISOs to understand how changes in the business environment are impacting the risk of cyber threats. Only then can an organization decide how to respond effectively."
The business world is embracing digital transformation at an unprecedented rate. As a result, organizations are collecting, sharing and storing more data than ever before. Where previously enterprise identity management had focused on employees and suppliers, we are now seeing a greater emphasis on integrating management of customer identities as well. And since this is often done through external cloud-based solutions, it's no longer all happening behind secure organizational firewalls. As organizations continue to collaborate and communicate with their customers at an exponential rate, the level of potential cyber risk accumulates rapidly.
With GDPR coming into effect in May 2018, the need for customers to have control over their personal data also becomes increasingly important. This capability is new to many organizations, and technology, processes and data governance models are often not ready for this shifting demand.
The potential consequences of failure are becoming more severe. Failure to comply with GDPR could result in fines of 4% of total global turnover, which is arguably less of a threat than the potential reputational damage to an organization.
2. Maximise your return on security investment
So we have a volatile cocktail of increased threat levels from weaponised malware, skyrocketing amounts of customer data which is increasingly managed by external third parties, and a rapidly heightening awareness amongst customers and regulators that customer data must be kept safe.
At the same time, security budgets are not unlimited. According to Jelger, "It's essential to maximise your organization's return on security investment. Security professionals are in an unfair fight where the level of cyber threats is almost unlimited. Organizations need to base their responses on a calculated assessment of how much risk can be reduced per euro spent."
INNOPAY offers a range of services to organizations which want to prepare themselves to reduce cyber risk.
Jelger explains, "The first thing we advise our clients is to undergo a Strategic Assessment which has three components to give an accurate picture of the situation. The first is a 'Maturity Assessment' which reveals how well the organization is prepared based on industry standards. Second is a 'Risk & Threat Assessment' during which we focus on the potential business impact of a cyberattack on the organization. Finally, we look at appropriate 'Technical Solutions' for the specific organization and think jointly about how these can be implemented effectively."
Jelger believes that the fast-developing domain of Machine Learning and Artificial Intelligence is a good example of a solution which speaks both to maximising investment and the appropriate use of technology. "With risk levels rising faster than cybersecurity budgets, CISOs have to get smarter about how they spend their money. The application of Machine Learning and AI to cybersecurity is still in the relatively early days, but commercial solutions already exist – such as IBM Watson for Security. The huge benefit of this sort of technology is that it can automate the monitoring of vast amounts of incoming traffic. So the cost comes down because you need fewer human analysts, and the level of efficiency rises because the software can respond so much faster."
3. Turn your cybersecurity into a commercial USP
According to Jelger, we should also bear in mind the significant commercial opportunity for organizations which get their security house in order. Consumers have a heightened awareness of the potential threat to their personal data (e.g. PSD2 gives them the opportunity to make that data available to a wide range of commercial organizations outside the secure confines of their bank).
As Jelger says, "Any organization which can demonstrate that it will securely manage a prospective customer's data is going to be very attractive. The key here is trust. If a customer trusts that you are taking security seriously, he will want to work with you. Organizations can differentiate themselves by taking a good security posture."
One of the best ways to gain that consumer trust is through accreditation. Accreditation is achieved by implementing the right standards and processes, by training your people appropriately, and through external auditing and assessment. We provide a range of services to facilitate this process for our clients, including the INNOPAY Academy.
The INNOPAY Academy provides outstanding training and preparation for accreditation in key domains such as cybersecurity. Using our own certified experts, we offer a unique range of training services which draw upon real-life use cases from our own business experiences. Watch out for our upcoming masterclass on the "Future of Access Management from a Risk Perspective" (March 2018).
Taking the smooth with the rough
It will never be possible to safeguard your organization against all cyber threats. In a world where data is shared more openly than ever before, and malware grows more sophisticated by the day, the best you can do is take the right steps to manage your risks and be smart about how you spend your security euros.
But we should not overlook the potential business benefits. By becoming an organization which is ahead of the game and focused on safeguarding its customers' data, you can become the company of choice in an increasingly risk-aware world.
INNOPAY is here to guide you every step of the way. Do you want to learn how INNOPAY can also help you turn cybersecurity into a commercial benefit? Get in touch with us.