
A fundamentally different approach is needed when dealing with cyber risk

Changing the game on cyber risk

This report encourages businesses to gain more situational awareness of threats that are prevalent within their industry in general as well as those that are unique to their business. It helps them understand where threats are coming from, what their motives might be, and what can be done in advance to anticipate or respond to an incident.

Despite heightened attention and increased spending on cyber security measures, the number of cyber incidents – and their associated cost – continues to rise. This phenomenon is attributed to the growing sophistication of hackers, a rapid evolution of technological and digital landscapes and an increased reliance by businesses on technologies aimed at improving the efficiency of their operations.

According to the report “Changing the game on cyber risk 2014”, released by the Deloitte Risk Advisory team, the scary truth is that these days your business's strategic models aimed at business growth are at the heart of the cyber risks that your organisation faces.

Business and the digital landscape

Business efforts to use digital tech to grow, serve and differentiate offerings in the market are now targeted by attackers, as such information can be used against you.

Given that technology touches every point of business, it becomes clear that protecting everything, while not impossible, would become economically impractical and would impede most of your organisation’s strategic initiatives.

By developing an ongoing cyber programme aimed at being more secure, vigilant and resilient, your organisation can be more confident in defending against cyber risk, which in turn will justify the spend on such an investment.

Being Secure

You can’t secure everything equally. Being secure means focusing your protection efforts around the risk-sensitive assets at the heart of your organisation’s mission. Attackers motivated by financial gain tend to operate on a cost or reward basis. A strong cyber defence raises the risk of completing a job, most likely deterring any efforts to attack your business.

It is important to address weak points across the business process, most importantly in the following areas: data applications, specialised control systems and critical infrastructure, which need focused security attention from organisations. Sensitive data can be found anywhere across your business and may be viewed by more users than necessary, opening the door to potential risk incidents.

Being vigilant

Organisations need to develop threat awareness throughout their processes and develop the capacity to detect patterns of behaviour which may indicate or even predict the compromise of critical assets.

Keys to being vigilant

Take heed of the following:

  • Know your industry landscape
  • Understand the specific business risk your firm faces
  • Design threat detection systems
  • Consider and plot the potential motivations for cyber threats from your competitors
  • Consider the implications of an accidental incident borne from your employees or partners

Being resilient

To be resilient, an organisation must be geared toward rapidly containing the damage caused by a targeted threat, having the capacity to mobilise all resources to minimise the impact of the threat and safeguarding against:

  • Loss of revenue
  • Brand reputational damage
  • Operational disruption

Responses to cyber incidents are viewed primarily as a technical function for business. However, resilience requires investment not only in technical capabilities to handle a cyber crisis, but also in a complete set of crisis management capabilities that involve a host of business unit leaders and decision makers. Protection against these threats must become an entire business responsibility.

It won’t work without governance

To drive a secure, vigilant and resilient cyber risk programme over the traditional standard IT-driven security programme, your business must realise that the approach is not driven by spending money on high-tech security programmes. It’s about identifying what assets and operations are most important to the business and tailoring protection to defend them from cyber attacks.

Where to begin if you haven’t started

The report lists this 4-step process to help you get your business moving in the right cyber protection direction:

  1. Appoint a senior executive to the project: A cyber crisis requires a strong leader to drive cohesive and decisive action.
  2. Map the threats to the business assets that matter: Gather your top business executives and threat intelligence specialists to pre-emptively discuss who or what could cause harm to your organisation.
  3. Launch pilot initiatives: Identify tests which directly affect your business or your mission achievements to drive a secure, vigilant and resilient culture within the business.
  4. Accelerate behavioural change through incentives and experience-based awareness campaigns: Create active learning scenarios that give a deeper understanding of the impact of cyber risk exposure.

For more information on how to become secure, vigilant and resilient, download the report here

If you have any questions or require a more detailed discussion, feel free to contact Cathy Gibson, Africa Leader, Cyber Risk and Resilience, Deloitte Risk Advisory.

About the author

David Graham
