By Maximilian Clarke
As London’s Conference on Cyberspace gets underway, media outlets have been focusing on the damaging effects the growing cybercrime black market is having on the world’s economy.
Discussing the increasing number, complexity and audacity of modern cyber criminals, William Beer, a security expert at PwC, outlines his 6 key steps to minimise the security threat for business:
“The cyber security industry is in freefall. Operating securely in the cyber environment is among the most urgent issues facing business and government leaders today. But many organisations have a long way to go if they are to combat the incredible resourcefulness and ability of the attackers. The criminals are nimble and quick on their feet, and this is a fast-paced battle. Despite the growing threat, leaders continue to focus on exploiting the opportunities of cyber and are ignoring the risks.
1. Clarify roles and responsibilities
The CEO needs to come to grips with the threats from the Internet – which is why PwC has introduced the concept of the ‘cyber savvy CEO’. We believe that leadership by a cyber savvy CEO will enable the organisation to understand the opportunities and realise them securely and sustainably through effective security. Those who truly understand the risks and opportunities of the cyber world will be a defining characteristic of those organisations.
2. Reassess the security function’s fitness and readiness for the cyber world
Organisations already have IT security functions that may be doing a good job in protecting against traditional threats. But as new risks emerge, the focus needs to be upgrading or transforming the existing capabilities to ensure that the organisation’s responses to its security needs fully encompass cyber security.
3. Achieve 360-degree situational awareness
To align their security function and priorities as closely as possible with the realities of the cyber world, organisations need a clear understanding of the current and emerging cyber environment. This demands situational awareness, which is a prerequisite for well-informed decisions on cyber security actions and processes.
4. Create a cyber incident response team
Traditional organisational structures may have the unintended effect of hampering the quick and decisive responses needed in the cyber environment. Many organisations will already have an incident response team but the speed and unpredictability of cyber threats mean this may need to be adapted and streamlined. A well-functioning cyber incident response team means an incident spotted anywhere in the business will be tracked, risk-assessed and escalated.
5. Nurture and share skills
Any organisation needs to invest in cyber skills. However, these are in short supply. Given the restricted supply of cyber-savvy talent, it is up to employers to find new ways of inspiring those with the skills and desire to keep their businesses safe. Some organisations may even want to consider more radical approaches, such as putting younger employees on a board committee focused on cyber security.
6. Take a more active and transparent stance towards threats
The unpredictable and high-profile nature of cyber threats tends to engender a defensive mindset. But a number of cyber-savvy organisations are now getting onto the front foot by adopting a more active stance towards attackers, pursuing them more actively through legal means, and communicating more publicly about their cyber threats, incidents and responses. By taking a more active stance, the organisation can show that it takes attacks seriously and will strive to bring offenders to justice.