Cyber risk

It’s vital for private organizations to fully understand what’s happening across their infrastructures.

Experts everywhere consider cybersecurity to be one of today’s top three business risks. And private organizations are not immune. In an attacker’s eyes, all organizations are a target. And attackers may be seeking financial gain, access to vital information, or even a weak spot from which to infiltrate an organization’s clients. As a result, Canadian organizations are heavily focused on securing their infrastructures, putting effective controls in place, and maintaining a posture of vigilance and resilience.

Controls, however, can be bypassed. It’s vital for private organizations to fully understand what’s happening across their infrastructures to enable a quick response to security breaches. Timing is critical when detecting, mitigating, and even preventing damage.


Issues

In this riskier environment, Canadian businesses face increased regulatory pressures. Whether an organization holds personally identifiable information, payment card information, or protected health information, it’s the responsibility of the custodian to protect that information from getting into the wrong hands. Many organizations struggle to achieve this on their own. Turning to an experienced cybersecurity partner is helpful here.

Businesses face compliance pressures from their clients. As a result, many large organizations are working to shore up their defences, and turning to third-party risk assessments to demonstrate that their infrastructures are indeed protected.

In the event of a security compromise, the costs incurred go beyond containment and eradication efforts. Businesses also suffer reputational damage as well as the general perception they are not secure. This could affect the resiliency of the business as brand damage and lost sales take their toll. Should this happen, the organization has to work hard to regain clients’ confidence.

Opportunities

While the prospect of security breaches is daunting, planning and preparing for them doesn’t have to be.

Private companies can get a cost-effective handle on their regulatory requirements by doing a quick assessment of their operating environment. Organizations should assess the data they’re holding and the controls already in place to protect it, then highlight any gaps. A thorough assessment will also include recommendations and a roadmap to help reach specific goals. This will prove invaluable when planning projects, setting budgets, and maintaining a viable cybersecurity program over the long term.

Additionally, businesses can shore up their cyber defences with enhanced intrusion-detection capabilities. New security information and event management technologies are becoming more prevalent; such technologies can be an affordable way to gain a broad view across an entire infrastructure and quickly highlight anomalies.

Of course, it’s just as important to be prepared for a breach as it is to guard against it. Businesses should have an incident response plan in place, with established procedures and communication protocols, before an attack happens. This will allow quick and consistent engagement with IT, legal, human resources, and other business units when time matters most. Meanwhile, the ability to implement a well-prepared communication plan, drafted in advance and based on potential impact areas, will do much to instill confidence with all stakeholder groups.

Questions to consider

  • Is the information within my organization subject to regulatory requirements?
  • Can I demonstrate a solid cyber risk management program to maintain my clients’ confidence?
  • Do I have the internal staff ready and available to build and maintain a sustainable cybersecurity program?
     

Author

Rocco Galletto
National leader
Vigilant and Managed Security Services
rgalletto@deloitte.ca
 
