Early this month, Accenture released results of its annual State of Cyber Resilience study, which asked more than 4,700 executives questions about their organizations’ effectiveness in halting cyberattacks. It’s no secret that cybercrimes are increasing in frequency and sophistication. There are even state-sponsored attacks that have compromised sensitive infrastructure.
Ryan LaSalle is Accenture Security’s North America leader and senior managing director. He says that resilience (as defined by the survey) refers to the ability to survive and thrive under cyberattacks. “Can you achieve your business mission? Can you help your customers? Your stakeholders?” he asked. “Can you fulfill your mission while living in a contested environment?”
The survey covered a wide range of attacks, including data leaks, malicious actors gaining unauthorised access to equipment, and ransomware that could delete or encrypt entire computing environments. “We looked at the effects of these attacks,” LaSalle states. “These impacts were quantified in dollars in terms of outages and penalties, as well as recovery costs.”
Organizational resilience can be measured by how successful organizations are in stopping attacks from succeeding, how fast they detect them, how quickly they respond, and how well the fallout is controlled. LaSalle states that speed of detection and speed of response are key components of high performance.
TECH NEWS: Which Cyber Defender Are You?
The survey categorized respondents based on how they landed on a graph where the X and Y axes represent cyber defense resilience and business strategy alignment:
“Business Blockers” sought to prioritize cybersecurity resilience over the organization’s business strategy even to the point of being seen as impeding business objectives.
“The Vulnerable” did not have security measures aligned with their business strategy and held security at a bare minimum.
“Cyber Risk Takers” focused on business growth and speed to market for the sake of the company strategy, though they understood and accepted the risks.
“Cyber Champions” pursued a balance where they aimed to protect the organization’s key assets while also aligning with business strategy so key objectives could still be pursued in a meaningful, reasonable fashion.
LaSalle says such graphing was necessary because security teams can have a reputation of being so focused on threat and risk that they do not understand how the business works. Some security personnel might be tempted to overcompensate in order to align with the business strategy. He refers to The Vulnerable, and says that “the majority” have low security performance, low business alignment, and are therefore vulnerable. “The market looks like this most of the time.”
Security spending is up, LaSalle says, coming in at 15% of IT budgets in 2021 compared with 10% in 2020. He says that how organizations invest in security will determine whether it leads to better performance. He says that security and technology debt are very high for many of those who fall under the “vulnerable” category. They have not historically kept up [tech] investment. They haven’t been able to get security embedded in all the programs that they need.
In the “Cyber Champions” group, working with the business was crucial, LaSalle said. Often, they had direct line of sight to the organization. He says that “the business runners, whether they were a VP or business line president, had actual accountability for security.” “It’s part of their culture, and they perform better.”
TECH NEWS: Cloud Security Question
Many enterprises are still struggling to find ways to secure their cloud-based business strategies. About a third of respondents said that discussions about security were not part of their initial planning for the cloud. This left them scrambling to catch up. Security was the number one priority from the beginning of the cloud journey. LaSalle explains that security was the #1 reason why organizations have resisted moving to cloud computing.
The conversation is changing. Organizations are proving that cloud adoption can be accelerated by including security in their plans early on. LaSalle states that having security in place at the beginning of a project and looking at automation options for the required capabilities can help you get there quicker and more easily.
As chief security officers improve, they become more fluent in the language of business and risk and can quantify the outcomes of security programs. They also start to gain the trust of other C-suite executives, he said. LaSalle states that CEOs and board members are improving their cybersecurity awareness to meet the needs of CSOs and IT departments. He says, “It’s a very jargon-filled discipline.” The board will influence change by asking more questions about enterprise security and resilience in relation to cyber threats. They will encourage better .”
The post TECH NEWS: Gauging Cybersecurity Resiliency and Why It Matters appeared first on dWeb.News dWeb.News from Daniel Webster Publisher dWeb.News – dWeb Local Tech News and Business News