Shifting priorities

 

The 2020’s pandemic, subsequent economic turmoil and related social phenomena has paved the way for much-needed global digital transformation and the prioritisation of digital strategies. The rise in digitisation across all businesses, however, has accelerated cyber risk exponentially. With cloud-based attacks rising by 630% between January and April 2020(1), organisations are now turning their focus on how to benefit from digitisation whilst maintaining sufficiently secure digital environments for their services and clients.

 

A global challenge

 

A new digital setup could easily jeopardise organisations’ cyber safety. With data becoming companies’ most valuable asset, hackers are getting creative with increasingly-sophisticated threats and phishing attacks. According to the 2019 Data Breach Investigation Report(2) by Verizon, 32% of all verified data breaches appeared to be phishing.
As data leaks are increasing (3,800 alone in 2019), so is the cyber skill shortage. According to the MIT Technology Review report(3), there will be 3.5 million unfulfilled cybersecurity jobs in 2021; a rise of 350%. As a result of Covid-19 and digitised home working, cybersecurity professionals are high in demand to fill the gaps organisations’
currently face.

 

The way forward

Although tackling InfoSec breaches in the rapidly-evolving digital innovation landscape is not easy, it is essential to keep it as an absolute priority. In our work with regulated sector firms in financial services, pharma and energy as well as with fintechs, we see consistent steps that underpin successful information security risk management. We have created a leaderboard of 10 discussion points for COOs, CIOs and CISOs to keep up with their information security needs:

  • Information Security Standards
    Understand information security standards like NIST, ISO 27001/2 and BIP 0116/7 and put in place processes and controls accordingly. These are good practices to keep a secure digital environment and are vital to include in your risk mitigation strategy. Preventing cyber attacks and data breaches is less costly and less resource-exhaustive than dealing with the damage caused by these attacks. There are serious repercussions of security breaches in terms of cost and reputational damage, yet organisations still only look at the issue after the event. Data shows that firms prefer to take a passive approach to tackle these issues instead of taking steps to prevent them in the first place.
  • Managing security in cloud delivery models
    2020 has seen a rise in the use of SaaS applications to support employee engagement, workflow management and communication. While cloud is still an area in its preliminary stages, cloud adoption is rapidly accelerating. But many firms have initiated cloud migration projects without a firm understanding and design for the future business, customer or end user flows. This is critical to ensuring a good security infrastructure in a multi-cloud operating environment. How does your firm keep up with the latest developments in Cloud Management?
  • Operational resilience
    70% of Operational Risk professionals say that their priorities and focus have changed as a result of Covid-19(4). With less than half of businesses testing their continuity and business-preparedness initiatives(5), Coronavirus served as an eye-opener in terms of revisiting these questions. Did your business continuity plan prove successful? If so, what was the key to its success? How do you define and measure operational resilience in your business? Cross-functional data sets are increasingly vital for informed risk management.
  • Culture
    Cyber risk is not just a technology problem; it is a people
    problem. You cannot mitigate cyber risks with just technology;
    embedding the right culture within your team is vital. How do you make sure a cyber-secure company culture is kept up in remote working environments? Does your company already have an information security training plan in place?

 

  • Knowing what data is important
    Data is expanding exponentially – you have to know what you need to protect. Only by defining important data, reducing the signal-to-data noise and aggregating multiple data points can organisations look to protect them. As a firm, what percentage of your data elements are defined with an owner and user access workflow?
  • Speed of innovation means risk
    The speed of innovation is often faster than the speed of safety. As technology and data adoption is rapidly changing, data protection has to keep up as well – there is little point in investing in technology until you really understand your risks and your exposure to those risks. This is increasingly true of new business-tech frameworks, including DLT, AI and Open Banking. When looking at DLT and AI based processes – how do you define the security and thresholds?
  • Master the basics
    80% of UK companies and startups are not Cyber Essentials ready, which shows that the fundamentals of data security are not being dealt with. Larger companies are rigid and not sufficiently agile – more demands are being placed on teams but without sufficient resources and skills development. Large companies cannot innovate if they are not given the freedom to actually adapt. What is the blocker in your firm?
  • Collaborate with startups
    Thousands of innovative startups tackling cyber security currently exist and many more will begin their growth journey over the next few years. Larger businesses need to be more open to collaborating with them to help speed up advancements in the cyber risk space.
  • The right technology can play a key role in efficiency and speed
    We see the emerging operating models for firms are open API based, and organisations need to stitch together many point solutions. Technology can help here if deployed correctly. For
    instance, to join up multiple data, to provide transparency of
    messages crossing in and out of systems, to execute and detect
    information security processes and controls with 100x efficiency and speed. This will make a material difference in the new world of
    financial services.
  • Transparency of your supply chain
    Supply chains are becoming more data-driven than ever with increased number of core operations and IT services being outsourced. Attackers are using weak supplier controls to compromise client networks and dispersed dependencies create increased reliance and risk exposure from entities outside of your direct control. How do you manage the current pressure points of your supplier relationships?

 Next steps

 

Cyber risk (especially regarding data protection) is simultaneously a compliance problem (regulatory risk, legal risk etc.), an architecture problem (infrastructure, business continuity, etc.), and a business problem (reputational risk, loss of trust, ‘data poisoning’, competitor intelligence etc.). There are existing risk assessment frameworks for managing operational risk (example: ORMF) – why not plug in?
Getting the basics right, using industry standards, multi-cloud environments and transparency of supply chain are good places to start. These are all to do with holistic data risk management (HRM).
While all these individual issues pose problems on their own, they can be viewed through inter-relationships applying a holistic approach where a coordinated solution can be found to efficiently manage these issues as a whole. The solution lies in taking a more deliberate approach to cyber security and following this 4-step process:

 IDENTIFY
 ORGANISE
 ASSIGN
 RESOLVE

 

 

Find out more on Operational Resilience from Leading Point:
https://leadingpointfm.com/operational-resilience-data-infrastructure-and-aconsolidated-risk-view-is-pivotal-to-the-new-rules-on-operational-risk/#_edn2

Find out more on Data Kitchen, a Leading Point initiative:
https://leadingpointfm.com/the-data-kitchen-does-data-need-science/

 

 

(1) https://www.fintechnews.org/the-2020-cybersecurity-stats-you-need-to-know/

(2) https://www.techfunnel.com/information-technology/cyber-security-trends/

(3) https://www.technologyreview.com/2018/10/18/139708/a-cyber-skills-shortage-means-students-are-being-recruited-to-fight-off-hackers/

(4) https://leadingpointfm.com/operational-resilience-data-infrastructure-and-a-consolidated-risk-view-is-pivotal-to-the-new-rules-on-operational-risk/#_edn2

(5) https://securityintelligence.com/articles/these-cybersecurity-trends-could-get-a-boost-in-2020/

 

 

 

“With data becoming companies’ most valuable asset, hackers are getting creative with increasingly-sophisticated threats and phishing attacks.”

“Preventing cyber attacks and data breaches is less costly and less resource-exhaustive than dealing with the damage caused by these attacks.

“70% of Operational Risk professionals say that their priorities and focus have changed as a result of Covid-19.”

Rajen Madan

Founder & CEO

rajen@leadingpoint.io

Delivering Digital FS businesses. Change leader with over 20 years’ experience in helping firms with efficiency, revenue and risk management challenges

Aliz Gyenes

Leading Point

aliz@leadingpoint.io

Data Innovation, InfoSec, Investment behaviour research Helping businesses understand and improve their data strategy via the Leading Point Data Innovation Index

How Leading Point can help

Contact Us

Find out more

Subscribe

Subscribe to find out about our latest insights, news and services.

You have Successfully Subscribed!