The cyber security journey – from denial to opportunity
Published: Wednesday, 12 July 2017 10:25
BT and KPMG have jointly published a new cyber security report offering practical advice to businesses of all sizes on how best to manage their security journey and turn it into a business opportunity.
The new report, ‘The cyber security journey – from denial to opportunity’, warns businesses against falling into dangerous traps as they deal with the complexity of securing a digital enterprise. These include being stuck in ‘Denial’ and ‘Worry’ phases at one end of the spectrum, and ‘False Confidence’ and ‘Hard Lessons’ at the other end.
While the report stresses that investment in technology such as firewalls and antivirus protection is an essential ‘good housekeeping’ practice at the start of the security journey, firms should avoid throwing money away on IT security products as a knee-jerk reaction. This is especially true for companies who have matured from the stage of denial into the stage of constant worry, where investing in the latest technology can be viewed as the silver bullet to the problem. This common mistake can make such firms a target, not just for cyber criminals, but also for over-zealous IT salespeople.
Businesses must first assess their current controls against best practice to help identify any gaps and prioritise essential areas in which to invest. Furthermore, everyone in the organization, from the board down, must take responsibility for maintaining high standards of cyber hygiene, while businesses must invest in training and raise awareness amongst staff. This can help turn employees from the weakest point in any security chain into every company’s greatest asset in the fight to protect data.
Although cyber security issues are increasingly discussed at board level today, the report claims that those discussions are too infrequent and are treated as a separate and disconnected issue from broader operational risk. All too often, the issue of cyber security is not incorporated into the overarching business strategy.
The paper also argues that overly complex IT architecture can worsen security gaps. This is especially the case if the technology deployed is too difficult to use or there’s a lack of integration.
In order to address these risks and gain true leadership in cyber security, the report calls on firms to focus on good governance processes and the proper integration of technologies, and to consider outsourcing some less critical aspects of their security to a trusted partner. This, combined with the sharing of intelligence, good practice and hard-won lessons among a network of peers and beyond, would put the company in a position to think about cyber security differently: not as a risk which is discussed by the board perhaps twice a year, but as a business opportunity and enabler for digital transformation.
The report is available for download here (registration required).