View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 21, 2019

Going Beyond Cyber Security Compliance: Why a 360° View is Crucial to Mitigate Cyber Risk

Real-time ‘always on’ approach

By CBR Staff Writer

AJ Thompson

AJ Thompson

Today’s businesses are under siege, day and night, from a threat which lies in the shadows of their IT networks and supply chains, writes AJ Thompson CCO of Northdoor plc.

Cyber-attacks have become one of the biggest threats for modern organisations, however this does not mean that businesses are powerless. The constant threat means businesses need a consistent approach to monitoring and mitigating cyber-attacks.

A False Sense of Security

There is no doubt that businesses are more aware of cyber security risks in 2019 and are taking some measures to safeguard their systems- the question remains however, is this enough?

There have been some notable attacks over the past few years that have impacted companies as diverse as Tesco to Facebook and the past decade has seen a raft of regulations and policies come into place, most notably GDPR. These policies are designed to ‘encourage’ businesses to increase the protection around their systems. As a result, companies are investing large amounts of time and money to secure adherence and to ensure that they are best equipped to protect themselves from the increasingly sophisticated and regular threat of cyberattacks.

However, the sheer number of these regulations have led some into a false sense of security. Understandably the number of steps and effort needed to ensure compliance to most regulations is significant. However, after securing adherence many companies sit back, happy that they have ticked all the boxes needed to remain secure.

It is essential that businesses are not only implementing solutions for the sake of compliance. To maintain a consistent cyber strategy, businesses need to transform their culture around cyber risk, ensuring that each person and process within the organisation is alert and prepared for threats.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Supply Chain Risks

The risk of an attack through a company’s supply chain has never been higher. Due to a boom in the open source economy, the majority of organisations now also outsource their software and hardware which increases their cyber vulnerability. Ideally, each device and application should first be vetted and then continually monitored for security risks, with patches consistently updated. Yet often this is not the case. Equifax is one such example of an organisation who suffered a large-scale breach in 2017 due to a vulnerability in its open source Apache Struts software, according to USA Today.

As a result, we have seen the ICO fine Equifax £500,000 for the failure to protect the personal data of 146 million people globally. If the attack was to take place today, in this new era of GDPR, the fine could have been €20 million or four percent of its annual turnover.

Proactive and Not Reactive

One might think that over the years of hacks and resulting regulations, most of the holes would now be closed and that organisations would be ready for even the most sophisticated attacks.

Unfortunately, the reverse is true. Hackers are constantly evolving their techniques which means companies must evolve their defences too and remain proactive in their defensive strategy. Sitting behind the wall you have built in order to secure compliance is no longer an acceptable method of defence. Hackers will always be one step ahead, so working continuously on your cyber-security strategy is a must if you are to remain not only compliant, but also secure.

Cyber Security Awareness at Every Level

Education is also a key aspect. The old adage that a company’s weakest point is its employees remains true. Many employees are simply unaware of the potential vulnerabilities in their everyday IT tasks. Open conversations within companies around these threats will highlight what these threats look like and help employees to be alert and attentive. Educating your employees is crucial, but companies should not forget another area of weakness -their supply chain. Access to systems and infrastructure through partners is common and ensuring that these access routes are secure is a crucial, but often overlooked aspect of cyber-security.

The Full Picture

Ultimately, organisations need to look at a solution that has the capabilities to map an entire ecosystem, offering them a 360° view of cyber risks that an organisation could potentially face.

This enables businesses to work collaboratively and openly within third- and fourth-party digital ecosystems with quantifiable and measurable cyber risk intelligence, allowing them to quickly and efficiently meet internal and external cyber risk compliance and governance requirements.

By using dashboards that provides a , it gives a holistic view of cyber security across enterprise and third-party supply chains. With a centralised exchange platform, organisations both up and down stream can safely and easily share cyber risk-related data.

A 360° solution produces a compound network effect through mapping the enterprise’s ecosystem of partners and suppliers. It also enables benchmarking against the cyber risk positions of industry peers and provides visibility of your enterprise’s cyber risk performance compared to the industry average. Having forensic data insights for security and risk gap analysis will further help to improve cyber risk posture.

Using a solution that looks for the latest threats across entire enterprise ecosystems, knowing where those threats are coming from, whether its supply chain or internally and also what they look like, is vital. Ensuring that your entire team are educated in what these threats look like and how to deal with them and having the processes in place that allow you to deal with them remain the basic, yet crucial elements to an effective cybersecurity strategy.

See Also: MIT Robotics: Researchers Create Lego-Like Microrobots

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.