Building cyber resilience: 3 imperatives for today’s organizations

In an era dominated by cyber threats, threat actors are intensifying their strategies by embracing a “work smarter, not harder” approach to cybercrime. The first half of 2023 witnessed a surge in activities by advanced persistent threat (APT) groups, a rise in ransomware complexity, and an upswing in botnet activity, putting more organizations at risk than ever. So it’s no surprise that, according to one recent report, 84% of entities faced one or more breaches over the past 12 months, highlighting the urgency for a more transformative approach to cybersecurity.

The dynamic and sophisticated nature of today’s threat landscape underscores the critical need for collaboration. This is being compounded by the rapid rate of technological advancements, geopolitical events, the ongoing shortage of skilled cybersecurity professionals, and emerging economic challenges. Initiatives like the Cybercrime Atlas project–a collaborative effort hosted by The World Economic Forum with support from Fortinet, Microsoft, PayPal, and Santander–demonstrate the power of collective information-sharing in combating cybercrime.

While collaborative initiatives are essential, individual organizations must take equally proactive measures to strengthen their cybersecurity posture. The following three imperatives outline crucial steps that organizations need to undertake to enhance their cyber resilience, enabling them to be more effective contributors to the broader global effort to disrupt cybercrime.

  1. Cultivate a culture of personal responsibility

Beyond the core team of skilled professionals, intelligent processes, and robust technologies, a resilient organization must also instill a culture of cybersecurity awareness. While an effective risk management strategy starts with the IT department–it is ultimately everyone’s job. 

Research indicates that human involvement contributes to three out of four breaches. As a result, organizations must implement ongoing cybersecurity awareness initiatives tailored to every employee. This includes comprehensive security education, ongoing training sessions, and realistic phishing simulation exercises. Executives, as key stakeholders and high-value targets, can benefit from more extensive activities, such as tabletop exercises, to enhance their awareness and cybersecurity leadership and response capabilities.

2. Creatively address the cybersecurity skills gap

Organizations of all sizes and across all industries grapple with the challenge of finding, hiring, and retaining skilled cybersecurity professionals. Traditional approaches, such as exclusively targeting candidates with prior cybersecurity experience or relevant degrees, are no longer sufficient. To bridge the widening global cybersecurity workforce gap–currently estimated at nearly 4 million professionals–organizations must adopt creative solutions. Exploring new talent pools, such as those with diverse educational and experience backgrounds, and providing upskilling opportunities through certification programs for existing employees, can help organizations keep pace with the evolving threat landscape. Widening your technology net, such as embracing managed services, can also prove instrumental in augmenting entry-level positions, shrinking the skills gap, and fostering a proactive approach to security.

3. Eliminate siloed thinking

Unintentional silos within organizations, particularly between Network Operations Center (NOC) and Security Operations Center (SOC) teams, impede the development of a robust cyber resilience strategy. Leaders must proactively dismantle these silos by fostering alignment on risk management goals among the organization’s leadership and board members. This more collaborative approach enables organizations to develop or refresh a more inclusive security strategy, potentially modeled after established frameworks like NIST’s. Creating broad incident response playbooks ensures a unified and comprehensive process for all stakeholders and reinforces the idea that cybersecurity is not solely the responsibility of the IT team. Technological interventions, such as the adoption of AI-powered security operations, can further streamline collaboration, reduce detection and response times, and enhance interoperability between NOC and SOC teams.

Collaboration creates resilient organizations

Resilient organizations play a pivotal role in the collective fight against cybercrime. By cultivating a culture of cyber resilience, creatively addressing the cybersecurity skills gap, and eliminating internal silos, organizations strengthen their security posture. This, in turn, bolsters the broader efforts to disrupt cybercrime, as optimized resilience enables more comprehensive and agile protections against cyber adversaries. In the complex battlefield of cybersecurity, organizations can strategically position themselves to effectively diminish the impact of cybercrime not just for themselves but on a global scale.


Go to Source