The year 2018 alone saw more than 600 cybersecurity data breaches that exposed more than 22 million records, and this trend will continue into 2019. Despite near-constant news of massive breaches–most recently at Marriott, as our sister site ZDNet reported–only 25% of organizations are scenario-planning to defend against such attacks, according to research from Deloitte.
As consumer and employee frustration over these events grows and elected officials call for regulations, it’s crucial for company leaders to prioritize cybersecurity to make their businesses stronger, said Chuck Saia, Deloitte CEO of risk and financial advisory.
Here are seven tips to avoid and combat cybersecurity risks in 2019 and beyond, according to Saia.
1. War game and scenario plan
War gaming is the best way for businesses to plan ahead and prepare to defend against cyberattacks. “In 2019, leaders must push their organizations to plan for and monitor for these attacks,” Saia said.
2. View cyber risks through a business lens
Though cyber risk reports typically focus on technical details and risks, company leaders and board members should view cyberattacks as business risks, Saia said. They should also “think about the holistic impacts that cyber breaches can have on business reputation, company culture, and profitability,” he added.
3. Manage the extended enterprise
Third-party partners can introduce security flaws and risks into your organization, and company leaders must manage these risks, Saia said. A majority of CEOs do not hold their extended enterprise to the same security standards as their own organizations, Deloitte research found.
“It’s critical that IT vendors are effectively managed and that the entire enterprise is held to strong security standards in 2019,” Saia said.
4. Increase investment in threat detection
In 2019, business leaders must increase investments in improving cybersecurity intelligence and analytics, Saia said. Board members are more likely than CEOs to cite new technologies as a priority in this area, Deloitte found, so prioritizing threat detection will be a major chance for CEOs and board members to align in the new year.
5. Integrate IT security with business risk management
IT security cannot be isolated from more comprehensive risk-based approaches, as it has been in the past, Saia said. “To grow, streamline, and innovate, organizations must integrate IT security into leadership and business decisions in order to keep pace with the evolution of cyber threats,” he added.
6. Involve leaders
Only 30% of CEOs and board members said that they are highly engaged in cybersecurity practices, though these groups rank this area as their greatest concern, Deloitte found.
“To engage senior leaders, the CIO and CISO should develop business-focused cyber risk reporting, rather than overly technical reports with a focus on business impacts and risks,” Saia said. “Engaging senior leaders in cyber is key to moving from simply identifying security threats and fixes to defining business impacts, governance methods, risk escalation steps, and organizational responses.”
7. Utilize threat intelligence programs
Threat intelligence programs can help companies proactively identify and monitor risks, Saia said.