CISCO: The evolution of industrial cybersecurity and cyber risk
Article Synopsis:
Businesses face increasing cybersecurity threats and breaches, but organisations have begun to realise that security must be part of the broader cyber risk program and not treated in isolation, according to this report from Cisco.
The process of digital transformation means that modern and legacy technologies and architectures have to coexist. Companies understand they must move from simple security control measures to implement a cross-functional cybersecurity lifecycle approach.
In plain English, that means taking a holistic approach that isn’t confined to the IT function, but engages those with responsibilities across the business to ensure continuity and to ensure that any protocols remain in place and fit for purpose.
Cybersecurity and cyber risk
However, there is confusion about cybersecurity and cyber risk management. The terms are often used interchangeably, leading to a lack of clarity as to where one ends and the other starts.
Cyber risk is exposure to harm or loss from breaches of, or attacks on, information systems. Cybersecurity is a capability to protect against cyber risk. It encompasses the technologies, processes, and practices designed to protect networks, devices, applications, and data from attack, damage, or unauthorised access. This includes infrastructure, application, endpoint, user, and data security among others.
A new approach is required
The traditional approaches are no longer fit for purpose. In order to minimise risk, an organisation must adopt a cyber risk management lifecycle approach from risk analysis to automated continuous cyber risk monitoring.
Improved cyber risk maturity requires better governance structures, imposed by management, that allow them to consider risk proactively: not just what faces them today, but those threats that will inevitably occur in the future. The organisation must also align its risk profile and exposures more closely with its strategy.
Aligning risk to strategy by identifying strategic risks and embedding risk management principles into planning cycles enables the company to identify and document 80% of the risks that have an impact on performance.
This gives confidence to communicate risk strategies to external stakeholders without worrying investors.
All in it together
The most important benefit of aligning risk awareness and management practices from strategy to business operations is that it enables the company to monitor risk developments more effectively.
Those responsible for cyber risk and the security controls to mitigate it will help keep the organisation within targeted parameters, in order to satisfy compliance, performance, and regulatory goals.
The report offers more insights, but perhaps the most important is that technology is not the be all and end all of protection. Cyber risk requires extensive collaboration between different parts of a business, though many of these distinctions – IT, security, etc – are becoming blurred in businesses that have truly made inroads into their digital transformation.
No system is 100% secure, but a systematic approach that addresses the whole cyber risk lifecycle is the best way to protect against most of the bread-and-butter attacks the business will face.
Link to Full Article: click here
Digital Insurer's Comments
This report from Cisco is something of a jargon salad, but with plenty of good solid insights in there to make it worth persevering with it.
The authors emphasise that cyber risk has evolved and even if the organisation’s digital transformation has not moved very far forward, the risks are greater every day.
Risks must be addressed in a holistic fashion and they are best aligned with strategy, which will allow the business as a whole to keep an eye on them and ensure their governance protocols are fit for purpose.
Link to Source: click here