INFORMATION SECURITY
BUILDING CYBER RESILIENCE IS CRITICAL AS THREATS RISE CYBER SECURITY Given the pace of change and scale of threat in the digital world, Steve Durbin, managing director at the Information Security Forum, details how organisations can increase their cyber resilience profile over the next twelve months
I
t’s becoming an all-too-familiar refrain, but it’s nonetheless true — 2018 was another banner year for cyber crime, data breaches and reputational ruin. We’ve added political drama, such as government shutdowns and manipulated elections, to the usual drumbeat of personally identifiable information (PII) exposures, ransomware attacks and banking malware. Traditional security risks have long since become central business risks. The scope and intricacy of the challenges around sustaining a business and protecting data assets in the digital era have pushed cyber security risk to the top of the executive boardroom agenda. The threats are growing in every dimension: variety, scale, complexity, country of origin, and type of bad actor — from script kiddies and hacktivists to organised cyber crime rings and foreign intelligence operatives. Then there are the persistent factors like human error, loss and theft of physical devices, malicious insiders, and security skills gaps and shortages. In modern digital ecosystems, proactive risk management and multi-layered defence must be structured and sustained as enterprise-wide efforts.
44
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 37
GUARDING HIGH VALUE ASSETS IS A VITAL TO CULTIVATING RESILIENCE C-level executives and senior information security and IT practitioners are accountable to report and educate stakeholders about the corporate risks associated with their organisation’s activities in cyberspace. Highly publicised breaches, financial loss and a growing collection of privacy and security regulations have made the hot seats hotter in organisations around the world. The pressure is on to assure stakeholders that the highest value assets — the ones that pose the greatest risk to the company if compromised — are monitored and protected as comprehensively as possible. Assets such as property, plant and equipment are tangible. Digital assets are intangible and represent a distinct type of risk. The most valuable intangible assets generally fall into one of two buckets: legal, including trade secrets, copyrights and customer lists; and competitive, including company culture, collaboration activities and customer relationships. Both types are essential drivers of business continuity, market advantage, and shareholder
