Six golden rules for successfully managing cyber risk | Deloitte UK
People, places and products are all becoming increasingly connected. And, with the breakneck speed of innovation, that’s only going to continue apace.
But, for every yin there must be yang; and the seemingly boundless possibilities opened up by the connected business also come with risks. The more devices we have, and the more data they hold, the more risk they open up. As organisations strive to innovate and drive performance through connectivity, the very things they create engender more cyber risk.
This process can take a number of forms. New business models are creating organisations without borders; they need to protect data and personal information beyond their physical premises. Likewise, technology forces are driving complex, multi-vendor environments, which add vulnerabilities and new potential points of attack.
Products and the means by which they are produced, through initiatives such as Industry 4.0, are now connected too – adding even more complexity and millions more data points to our networks of devices. But in many cases, changes to applications and infrastructure do not adequately consider the new security ramifications this creates.
So the potential threats are many and evolving, as are their sources. A cyber-attack can come from hackers, activists, protest groups, criminals, nation states, or even someone within your own organisation. Likewise, it can target anything within your business, from your production processes and the product itself right through to your IP, online presence and customers.
With so many potential aggressors, so many vulnerabilities and so many points of entry, it’s no wonder cyber incidents are so ubiquitous. But the good news is that there are many ways of mitigating cyber risk. The first step is to consider it from a range of different angles, among them: how does it affect customer protection? What does it mean from a legislation and regulatory compliance perspective?
Next, consider how different parts of your business, and the people within it, relate to cyber risk. The board may want to ask whether they feel informed enough. Different business units may want to consider how it could affect their ability to deliver safe and secure products.
Finally, it helps to look at organisations where cyber risk is managed successfully. From our experience, they tend to have several common characteristics:
Whatever steps you take to mitigate cyber risk, ensure you’re adhering to three principles: security, vigilance and resilience. That means you have risk-prioritised controls put in place to defend critical assets, threat intelligence and situational awareness, and preparations in place to help you recover from any cyber incidents.