While the new European General Regulations on Data Protection (RGPD) is always at the heart of the conversation, a recent report reveals that companies have neglected a fundamental element in their digital transition that could jeopardize all their transformation efforts : the Cyber-Security
The survey of 1,000 IT managers from 18 countries indicates that only 9% of companies have made cybersecurity a priority. Respondents agree that with the advent of digital, cyber threats are more relevant than ever, with 60% saying their business is exposed to more cyber threats than they can control.
Threats to cyber-security come from a variety of breaches, not only related to technology but also to the design and execution of business processes and to company employees. The most important risk factors for the next 12 months are data migration to the cloud (74%), social networks (66%) and reckless employees (64%). These issues need to be tackled now to secure their business.
However, more than 60% of respondents believe that they do not have the necessary resources for budgetary reasons and lacking cyber-security talents to fill the gaps in their business cyber defense. It’s therefore not surprising that nearly a third of respondents also admit updating their cyber-security strategies only once a year, with the risk that their cyber defense has huge gaps.
Combined with ever-evolving threats, the lack of talent and budget is driving many companies turning to technologies, including artificial intelligence (AI) to improve their cyber security perspectives. However, while technology can fill some gaps, it can’t respond to all of the security deficits on its own.
Sustain digital operations
The study emphasized four key measures that companies should implement to strengthen their cyber security strategies, thereby sustaining their digital operations:
1 Lead: If cyber-security has to be the concern of all employees, leaders can’t just launch initiatives but must understand the design and operation of technologies and processes. To do this in practice they can assign heads of departments responsible for computer security in the units, elevate cyber-security to the rank of central value of the company or guarantee the treatment of the cyber-security issue by the executive bodies.
2 Evolve: Companies must constantly evolve their cyber-security strategies to be able to effectively fight cyber threats. R&D must therefore be an integral part of the security services and must not be limited to internal efforts. For example, companies can organize hackathons and war rooms to access external talent and help create security actions.
3 Automate: In response to the global shortage of cyber-security talent and the proliferation of cyber threats, AI-based approaches are becoming readily available, and must be part of a company's overall cyber-security strategy.
4 Prepare: Companies need to prepare for new technologies that, like blockchain and in the longer term: quantum computing, will break the current momentum of the cyber-security strategy. While it is important to be able to adapt quickly to today's security needs, it’s also essential to think about the future.
The introduction of AI tools on cyber-security platforms is pushing companies to rethink their approach to cyber-security and alleviate the burden of talent shortages.
However, cyber-security requires constant effort and the organizations that won’t routinely adapt their processes and systems will be vulnerable to future attacks.
Leaders must take the initiative to integrate cyber-security into the DNA of their business, otherwise they risk losing their customers, their reputation and their revenues. Ultimately, any company that intends to operate in the digital economy must make cyber defense a key part of its strategy.
If you want to see the guide to secure your PC after a fresh installation of Windows or to know how to be more anonymous on the internet, you know where to click ;-)
Being in the cybersecurity industry, I think what most companies need is really a solid cybersecurity program. What I observed is that most companies are just chasing the latest trends and buzzwords but at it's core, the cybersecurity controls implementation is weak. Main reason I think is due to the fact that non security trained personnel are tasked to lead cybersecurity initiatives.
Good analysis, well done!
I agree that it's quite commonly down to budget. Here my recent findings on phishing vulnerabilities:
https://steemit.com/security/@gaottantacinque/steemit-security-check-iframe-tricks#comments
Thanks :)
I've already comment and upvote this post man... Update your bot pls.
Congratulations,
you just received a 29.91% upvote from @steemhq - Community Bot!
Wanna join and receive free upvotes yourself?
Vote for
steemhq.witness
on Steemit or directly on SteemConnect and join the Community Witness.This service was brought to you by SteemHQ.com
Great breakdown!