Cybersecurity must be an imperative at board, C-suite level

Businesses today are reliant on technology since digital systems have now become the lifeblood for most organisations. Yet every technological advancement is as full of peril as it is of promise. This increased digitisation and infusion of technology to core business operations has brought about emergent cyber risks that have now evolved over time.

All the while that technological change gathers momentum and information becomes more critical to bottom-line activities, the speed and severity of security threats intensifies.

Given the mission-critical nature of data in nearly every aspect of modern enterprise, organisations are facing not simply escalating risk, but the near-certainty that they will suffer an information security breach. Cybersecurity threats are evolving with unparalleled speed, complexity and impact, with reported breaches of information security rising annually by more than 50 per cent according to the EY Global Information Security Survey.

Additionally, new technologies such as artificial intelligence and machine learning are providing attackers with enhanced tools for more complex attacks. Organisations are no longer asking “are we secure”, but “how can we ensure that the information most important to our business will be secure enough”.

Cyber hackers have now moved to more sophisticated agendas such as espionage, disinformation, market manipulation and disruption of infrastructure, on top of previous threats such as data theft, extortion and vandalism.

The harsh reality of today’s cyber threat environment means that there may be only two kinds of organisations - those that have been breached and know it, and those that remain dangerously oblivious to it. Cyber security threats are constantly evolving targeting organisations of all sizes across the different sectors. Attackers today are patient, persistent, and sophisticated, and attack not only technology, but increasingly, people and processes. The challenges faced today have altered expectations, strained resources, and caused a paradigm shift in Cybersecurity.Companies continue to make significant moves to respond to cyber threats by addressing vulnerabilities with increased resources, training, governance and integration.

However, the number and sophistication of threats has also increased, and is challenging Information Security functions to keep up.

As a result, the gap between what Information Security functions are doing and should be doing has widened. With so much at stake – intellectual property, customer, operations and financial data, and organisational reputation – informed leaders are realizing that it is time for a fundamental rethink of how information security is understood and positioned within their organisation.

Being able to mitigate these threats requires businesses to not only think of cybersecurity as a business risk, but to act on this too. Successful protection of a company requires the business to think about what these cyber risks mean for the business as a whole and for its customers. The weaknesses that expose organisations to increased cyber risks fall into broad categories:

Digital security is misaligned within organisational priorities, response frameworks are outdated, incomplete and remain too focused on IT, solutions have traditionally relied on ‘bolt-on’ upgrades and a multitude of heterogeneous security software products, lines of accountability within organizations are unclear and analytics are underutilised.

ANTHONY MUIYORO, cybersecurity manager at EY.