SOLUTION BRIEF
Risk Management Today – 3 Ways to Protect Your IT Castle Considering the Scope of Change Deloitte surveyed IT leaders about risk management,
70%
said executives consider compliance with regulatory standards a priority. However, they also said they don’t feel fully equipped to deal with regulatory demands.
The findings aren’t shocking, and the risk problem goes beyond regulatory compliance.
• More than 60% of those polled think exposure to risk has increased during the last year. • Approximately 90% identified cyber security among their top five risks. • A lack of skilled personnel was identified as a key challenge among 41% of those polled. Risk is a critical issue for modern businesses, and the problem is simply that the world is changing so quickly that companies can’t keep up.
There’s a classic cyber security analogy out there in which businesses are considered castles and hackers are people trying to attack the castle. The extended metaphor has held up well over the years because it’s right on. A business sets up defenses and sits back, monitoring activities, hoping hackers don’t find out how they’re protecting data or identify any cracks in the system. Meanwhile, people who want to get into the enterprise network castle can take their time analyzing every weak point, connecting with insiders to learn what businesses are doing and find that one area out of countless attack vectors that is just a bit weak. Now imagine that same castle, but with constant, unending construction. Businesses are changing so fast, deploying new technologies so quickly and dealing with markets that evolve at such a rapid pace that they can’t sit at ease in their safe castle and keep risk at bay. They must continually add on to and change their castle, creating more and more opportunities for risks to slip in between the cracks. The problem has become so acute that a recent PricewaterhouseCoopers study found that 66% of CEOs believe there are more threats to their business than there are opportunities to take advantage of. The news source explained that companies need to get offensive if they want to minimize risk. This means finding ways to simultaneously be agile and flexible with
Continued on next page
1-800-843-8733 • LearningTree.ca
SOLUTION BRIEF Risk Management Today – 3 Ways to Protect Your IT Castle (continued)
management so that companies are better positioned for the future while also ensuring resiliency in order to directly protect against risk.
risk. Data gives you the visibility you need to identify anomalies and quickly move to find out if they are signs of positive change or indicators of risk.
Being agile and resilient isn’t just a matter of hitting a moving target; it comes down to hitting a moving target while you are also on the move.
2. Set Clear Goals and Benchmarks Technological innovation is happening so fast that IT teams can’t afford to slow down to analyze each task and sniff out every potential risk. This is where agility comes in. Organizations must be able to withstand a degree of risk and deal with it quickly so that they can confidently move ahead in some areas without waiting for in-depth analysis. This kind of flexibility is only possible if you know exactly what goals and conditions you can’t compromise on so your users will understand where some risk is okay, and when they’ll need to slow down.
3. Train
So How Do Businesses Keep Up? Here are three tips that can help you get a head start:
1. Take Advantage of Analytics Data is your friend. Use it well and you can gain insights into what to expect in the future, evaluate past performance with greater accuracy, and identify big-picture trends that could impact your business. Equipping business and IT analysts with the tools they need to gather relevant data and put that information to use is critical moving forward. For example, having ample historic data about end-user patterns can be used alongside network monitoring to identify unusual behaviors and prevent insider threats from creating
Potential threats are analyzing your business all the time. Don’t get caught resting on your laurels. Businesses that want to stay ahead of risk need to train their employees on shifting conditions and ensure they are equipped to use the tools and technologies that will help them assess risk with precision.
Want to learn more? Check out Learning Tree’s catalog of courses on risk management, cyber security, and data analytics to learn about how these disciplines intersect and prepare your staff to stay ahead.
CA1611 ModRiskMgmt
Sources: 1. http://www2.deloitte.com/uk/en/pages/risk/articles/it-risk-management.html 2. http://www.pwc.com/us/en/risk-assurance/risk-in-review-study.html
1-800-843-8733 • LearningTree.ca