Our always-connected world makes businesses more agile, efficient, and profitable. A connected enterprise also allows near real-time visibility and control over most dimensions of business. Reads like a happy story. There is a flip side to the connected enterprise, however. With almost each new instance and mode of connection, opportunities for malicious intent and cyber risk increase. We frequently hear of big and small corporations being hit by cyber-attacks and suffering consequent financial and reputational damage.
Do these attacks imply that the organizations that were hit did not have cybersecurity set up? Or, did they inadequately prioritize cybersecurity? I am sure the answer is a big NO. Most of them had security setups, tools, outsourcing partners, and processes. They were still hit. The reality is that no one can guarantee bulletproof security. But this certainly does not mean that an organization cannot aspire to a proactive and fit-for-purpose cybersecurity posture.
Corporations today will have shiny security tooling, and most will also have outsourced their security to a strong service provider, giving a sense of being well protected. The moot question is whether they honestly feel they have outsourced their cybersecurity risk to the service provider. And are they indeed getting a return on investment on their security tooling and allied frameworks? Believe me, these are tough questions to answer.
Let’s look at the real situation. The security function in most cases has grown out of the evolving and expanding IT function, and often organizations haven’t really looked at the design of their security organization in view of their business needs and emerging threats. Security in most cases is a bolt-on function, and often there is a lack of direction in terms of a well-thought-out and articulated cybersecurity strategy and road map. Don’t be surprised to find cybersecurity as a couple of paragraphs or pages of the IT strategy/policy document and a subset of the IT budget. The correctness of the CISO reporting to the CIO has been a point of debate for a while now.
What should be happening is a formal, business-aligned assessment of the internal and external cyber risks, their prioritization, and a cybersecurity vision and strategy document aimed at ensuring the optimal security posture for the corporation, covering organization, operations, assets, tooling, compliance, and risk.
Recent cyber-attacks have shown that corporations can come to an absolute standstill when under attack, and the period of rebuild and recovery is long. Some large organizations that were hit by WannaCry took three to four weeks to get their IT back on the road, and one can well understand the loss of operational productivity and the resultant financial impact. If there was data loss involving PII, the story gets darker.
So, what do you do? Just hope that you are not going to be hit? Certainly not. It’s never too late to make an earnest start. There are some options you could consider. Let’s take a look:
Look at your current set up and just get the basics right.
Roll up your sleeves and take a hard look at your defensive posture and start asking tough questions.
Align with the long-term business vision and strategy.
Depending on where you are in your cybersecurity maturity, you need to decide where to begin!
Samir Khare is a cybersecurity expert responsible for delivering cybersecurity services to 160 plus global customers and for security portfolio development aligned to business needs and security technology evolution.