Priya PatelTLDR:
- The cyber threat landscape is constantly evolving, and organizations need to improve their cyber maturity to stay resilient.
- The Global Cybersecurity Outlook Insight Report highlights the importance of a holistic approach to cybersecurity, focusing on stability, security, skills, sustainability, and sovereignty.
In a rapidly changing cyber threat landscape, organizations are facing challenges in improving their cyber maturity to stay resilient. The Global Cybersecurity Outlook Insight Report from the World Economic Forum emphasizes the need for a holistic approach to cybersecurity, focusing on key elements such as stability, security, skills, sustainability, and sovereignty.
Navigating the Cyber Threat Landscape – Australian Cyber Security Magazine
By John Penn, Security Propositions Architect at BT
The rapidly evolving cybersecurity threat landscape is not breaking news. Yet many organisations, for a multitude of reasons, such as budget constraints and skills shortages, aren’t reaching the level of cyber maturity needed to be resilient in the current threat landscape. While making sure the proverbial front door is locked and the right technology and processes are in place to prevent cyber-attacks, many organisations are leaving a window open by failing to adequately plan for when the front-line defences are breached. This year’s Global Cybersecurity Outlook Insight Report from the World Economic Forum (WEF) sounded the alarm on cyber inequity, or the widening gap between cyber-resilient organisations and those that are not. Cybersecurity protection begins with prevention but shouldn’t stop there. To create a truly resilient cyber strategy, we need to consider a holistic approach that includes the five S’s: stability, security, skills, sustainability, and sovereignty. Only when this five-part cybersecurity strategy is integrated into your organisation’s fabric as a shared responsibility can you stay ahead of threats, create resiliency from the inside out, and safeguard your valuable assets.
Stability:
An all-fronts resiliency plan requires establishing a baseline to understand your current cyber security maturity. Many Australian companies have robust preventative tools but lack adequate detection and recovery strategies. So, defining a strategy that highlights weak points and progresses you towards a target end state is critical. Consider what policies and guardrails, data handling procedures, incident response plans, and regular security assessments you might need to ensure this. Another crucial area of consideration is an assessment of your supply chain and third-party risk, particularly in light of the dramatic drop in cyber resilience identified in the WEF report.
Security:
Once your plans are defined, it is important to assess your current technology mix and determine whether it still meets your needs. An in-depth defence strategy will provide you with layers of protection. This should include data security, application security, identity security, endpoint, network and cloud security. It is essential to include preventative controls that consider how well you are able to detect threats, and whether your detection and response capabilities need review. One security buzzword that it’s worth looking into is zero trust.
Skills:
When it comes to the people on the bus, there are four groups that you’ll need to think about. The first is your general user community. They are your first line of defence, and security awareness training coupled with a blameless culture is critical to switching on your ‘human firewall’. Second is the skillset and capacity of your cyber team. Do they have the right training to get the best out of the tools you’ve got (and are planning to deploy)? And, more importantly, do they have the bandwidth to manage the current alert load?
Sustainability:
Managing your cyber threat landscape is critical to business sustainability and continuity. Cyber incidents are more likely a ‘when’ not an ‘if’ scenario. The key to business continuity is being able to recover quickly.
Sovereignty:
Governments worldwide have increased their focus on data sovereignty, reflected in the introduction of tighter industry regulations. What’s important for you to understand is where your data is stored, including your cloud services and in transit over your networks. Does the traffic pass through undesirable locations?
