Lastest news

Cyber security challenges and how to overcome them

Jan 15, 2021

The past year has seen the fast digital growth of businesses. With it, however, comes the added risk of cyber-attacks. The best way to defend against these attacks, says Sarah Hipkin, is to invest in and plan your cybersecurity strategy.

After a year of accelerated digital transformation and increased cyber-attacks, it’s time for organisations to plan their Cybersecurity Strategy and Roadmap for 2021 with critical security lessons in mind.

With this rapid, unplanned shift to digital channels and changes in consumer and business behaviour, a cyber criminal’s playground has just expanded.

Current cybersecurity challenges

Digital transformation changes an organisation’s cybersecurity threat and risk landscape. Current cybersecurity challenges faced by organisations include:

  • critical information assets (e.g. bulk sensitive personal data or public-facing website) could be targets of attack;
  • motivations of cybercriminals and type of cyber threats are not fully understood; and
  • incident response teams taking too long to reconstruct cyber-attacks and take action to stop them.

Regardless of the type of nefarious activity an organisation may face, if a cyber threat materialises, a security incident can have a significant impact on an organisation in terms of cost, productivity and reputation. Being adequately prepared to detect and quickly respond to the changing nature of incidents will help to stop an attacker from inflicting further damage.

Cybersecurity strategy planning

2021 is the time to plan your cybersecurity strategy with these critical security challenges in mind. The strategy should ensure alignment between threat intelligence activities and business risks. Key activities will need to cover the following:

  • Identify critical information assets which are essential to business operations, including underlying infrastructure.
  • Collect information on adversaries’ motivations and intentions. What type of attacker may target your most valuable information assets? While most of the bad guys want to make money, whether stealing personal data, bringing down a website or shutting down critical services, their intentions will vary.
  • Develop knowledge of cybercriminals’ tactics which includes malware and tools for sale, sale of personal data and exchanges of new exploits.
  • Evaluate current effectiveness of systems security, including policies, processes, security training and staff capabilities to monitor, detect, analyse, and respond to cyber-attacks. The largest gaps in defences to protect critical information assets should be prioritised in the roadmap for improvement.
  • Prepare a strategic cybersecurity roadmap which outlines each recommendation, detailing:
    • the effects of losing or impairing the asset in costs, revenue losses, fines, reputational damage;
    • likely adversaries who have attacked similar organisations;
    • current deficiencies in defence layers; and
    • associated technical and business risks amount to be invested and its associated benefits.

Test response plan

Cyber-attacks can impact an organisation of any size and will often occur at a time that catches everyone off guard. Under pressure, an individual’s decision making can become clouded.

Scheduling a tabletop exercise with senior management and key operational staff to understand the realities of how a cyber incident would impact an organisation is critical. It will ensure everyone has a clear understanding of their role in responding to a cyber-attack and the organisational response, especially Board members who would likely be representing the organisation in the media.

Sarah Hipkin is Director of Consulting IT and Cyber at Mazars.