The reason a cybersecurity posture should be holistic is the array of risks organizations have to manage. When you consider that cybersecurity threats range from a DDoS attack to malware that gets into a network through a phishing email or a social engineering attack, you begin to appreciate the complexity of the risks you could face. This is also why incident response is part of a holistic cybersecurity posture.
A multitude of organizations hit by a breach and/or ransomware have ended up spending more on fixing and containing the attack than they would have if everything had been set up ahead of time, including an incident response team and plan. Instead, they patched together their cybersecurity activities by adopting tools or technology, or perhaps by hiring one or two security professionals (if they were lucky) to keep everything in check.
The fact that cybersecurity has to become part of the business process, and therefore that incident response is essential, has yet to become part of what organizations think about when they set up cybersecurity. In fact, some of the reasons companies fail at incident response include insufficient cybersecurity knowledge across the organization and a lack of metrics that reflect return on investment (ROI) in the business sense.
ROI and cybersecurity continue to be discussed extensively throughout the industry because ROI is one of the biggest obstacles to adopting a holistic cybersecurity posture that includes incident response. Unfortunately, it will remain untranslatable into business terms as long as the board and executives do not understand the damage of insecurity without first falling victim to a breach.
One suggestion for any security executive reading this is to share news about organizations that have been hit by a breach, along with the costs of having to fix and contain the breach after the fact. A recent example is the city of Atlanta, but if you want to go further back in time, the Target breach or the Equifax breach could also be very helpful in making your point to the CEO, the board, and anyone else who will listen.
If you’re an executive or board member reading this, you should be aware that your CIO or CISO may not be telling you everything you need to know about the problems within your network’s security. They could be afraid of losing their job, or they know there is a limited budget and are therefore doing the best they can with what they have.
As long as one person within an organization has the company’s best interest in mind, communication should stay open no matter the challenge. Incident response is what can help you decrease the damage that comes with a breach, and it can get you started on acknowledging the value of the three components of a holistic cybersecurity approach: people, process, and technology.
A study by Accenture reveals that:
- Nearly half of CISOs acknowledge that their responsibilities for securing the organization are growing faster than their ability to address security issues.
- Only half of organizations provide employee cybersecurity training to all employees upon joining the organization and have regular awareness training throughout employment.
- And just 40% of CISOs always confer with business-unit leaders to understand the business before proposing a security approach.
These few data points from the study show the continued challenges organizations face with communication and training on cybersecurity topics within the enterprise. Quick-fix solutions, and hoping that technology and a few security experts on board will do the trick, are not going to work.
Let’s talk about a holistic cybersecurity posture for your organization and what steps you’re taking for an incident response plan and team.