Accelerated digital transformation since the pandemic has highlighted how a lack of preparation can be just as detrimental to organizations as an actual cyber attack. Going forward into 2022 and beyond, the rapidly changing landscape continues to create significant new cyber threats that will increase cyber risk on multiple global fronts via numerous evolving threat vectors.
The Cyber security considerations 2022 report by KPMG focuses on eight core areas to help business leaders better understand how cyber can support the business with a security plan based on shared accountability:
1. Expanding the Strategic Security Conversation
Change the conversation from cost and speed to effective security to help deliver enhanced business value and user experience.
Handling and mitigating risk to support the strategic viability and operational sustainability of the entire organization is a shared responsibility that starts with the business. CISOs and their teams should help leadership across the business gain an appreciation for what goes into security and privacy by design, to better align security with the organization’s strategic business objectives.
2. Achieving the X-Factor: Critical Talent and Skillsets
Transform the posture of CISOs and their teams from cyber security enforcers to influencers.
Modern security programs, led by forward-thinking security teams, empower organizations to move with agility, pursue growth and serve customers better. As the threat landscape evolves, CISOs need to change the narrative so that developers and the business lines understand that cyber exists to support rather than hinder.
3. Adapting Security for the Cloud
Enhance cloud security through automation — from deployment and monitoring to remediation.
While digital transformation propels cloud adoption and usage forward, it also puts institutions and businesses at greater cyber risk. A lack of cloud security skills means the business of protecting the organization operates at a distinct trust deficit.
Organizations can start by promoting the view that all data sitting in the cloud remains the responsibility of the organization, ensuring everyone understands cloud-specific security requirements, and collaborating with the provider to avoid misconfigurations.
4. Placing Identity at the Heart of Zero Trust
Put IAM and zero-trust to work in today’s hyperconnected workplace.
In an environment where cybercriminals are often just a click away, organizations should adopt a zero-trust mindset and architecture, with identity and access management at the heart of it. Enterprises and institutions should consider new standards, tools, and strategies to better secure their systems, data, and infrastructure.
5. Exploiting Security Automation
Use smart deployment of security automation to help realize business value.
As the threat landscape continues to expand and increase in complexity, companies are successfully automating the security function and freeing up resources by applying automation to routine, repetitive tasks.
Start small: identify the use cases for automation that your organization truly needs and that will generate business value. Take a proactive approach to security automation by focusing on threats instead of incidents.
6. Protecting the Privacy Frontier
Move to a multidisciplinary approach to privacy risk management that embeds privacy and security by design.
Keeping individuals’ data secure and taking data privacy seriously is more than just implementing new processes to satisfy regulatory requirements — it’s a cultural shift. This should start at the top, with the C-suite recognizing that data belongs to their customers, clients, and partners, and that they have a responsibility to collect and use it legally and ethically.
7. Securing Beyond the Boundaries
Transform supply chain security approaches — from manual and time-consuming to automated and collaborative.
Becoming a digital-first organization implies a data-centric approach in which data is shared on a near-constant basis throughout a complex and connected ecosystem of partners and suppliers. A strong risk management framework that looks both inward and outward is key, especially for high-risk industries such as financial services, energy, and healthcare.
8. Reframing the Cyber Resilience Conversation
Broaden the ability to sustain operations, recover rapidly and mitigate the consequences when a cyberattack occurs.
In today’s volatile digital environment, resilience should include consideration of how well companies understand, anticipate, and are prepared to recover from the potential impact of a major cyber incident.
It should be an organization-wide effort, and CISOs should educate leadership about the risks and consequences of a breach and why cyber resilience is so important.