Exploring management teams and their views on enterprise cyber-risk
IT decision makers today have a lot on their plate: from supporting existing environments and applications, creating new digital engagement with customers, to enabling almost all of their workers for remote work because of the current pandemic.
As organizations adapt to new ways of working, how can IT and security leaders be most effective and efficient when thinking of cybersecurity?
Risk and Cyber Security – Awareness, Action and Involvement
Frost & Sullivan conducted a survey of 400 Asia Pacific (APAC) IT leaders in Australia, India, Singapore and Hong Kong to understand the enterprise cyber risk in today’s fast evolving digital landscape. The survey findings reveal that it is vital for enterprises to have a risk-based view of cyber exposure in improving their cybersecurity posture.
Status quo has changed in a post-pandemic world
Before the global pandemic, 95% of APAC organizations surveyed had embarked on some kind of digital transformation (DX) projects. Instead of reduced focus, we have observed that enterprises are placing more importance and accelerating their DX projects in the current situation.
At this time when digital transformation is crucial for digital engagement and IT teams explore the application of new advanced technologies, enterprises need to manage new forms of risks well. Key considerations include:
Mitigating the risk of critical data exposure: Employee-caused security breaches remain one of the top causes of cyber risk, whether intentional or unintentional. Consistently create security awareness training programs, and incident response processes.
- Enabling partnerships safely: Take a comprehensive approach to partnerships that includes assessment of cyber risks to help minimize the attack surface.
- Ensuring compliance: Meet regulations by country and by region where organizations’ data is created or stored.
Curating a security-first mindset in the cloud era
We have observed that many organizations are looking at the cloud, due to its payment flexibility, elasticity and ease of wide scale deployment, to better manage their business during the COVID-19 pandemic.
However, many organizations have misconceptions when it comes to cloud security, with many not specifically protecting their cloud environment, or expecting the cloud service provider to handle it for them!
As your enterprise considers and moves to the cloud, this risk needs to be managed, and appropriate security controls put in place with shared responsibility for security and compliance between your organization and the cloud service provider.
Cyber risk exposure and security considerations
Our survey reveals that most APAC enterprises still do not see cybersecurity as a business enabler or differentiator but as a “necessary evil” for business. This is well reflected in the number one cybersecurity challenge faced by APAC IT leaders: a lack of budgets.
IT and security leaders must focus on improving awareness of cybersecurity among the larger teams, so that everyone can work cohesively to reduce the risk.
Thinking about cybersecurity through the lens of cyber risk
Each new step in organizations’ DX journey is going to bring new cyber risk. Here are some steps to begin your new cyber risk aware thinking:
- Safeguard what you know is valuable: Understand which information assets are of the highest priority and implement next-generation security technologies, in conjunction with a comprehensive breach response plan, to protect them.
- Adopt a security framework built for the modern environment: Do not rely simply on a traditional perimeter-based defenses, but more on proactive zero-trust strategies.
- Set up proactive systems of continuous risk monitoring: Ensure that your risk management processes are setup and kept up to date regularly.
You can download the white paper ‘Risk and Cyber Security – Awareness, Action and Involvement’ by clicking the title link ot via the green Read the Report button on the right. Those who are interested can also watch the webinar ‘Exploring Management's Views To Enterprise Cyber-Risk In Today's Landscape’ where wwe diescuss the survey results.