Eight Ways You Could Be Inviting A Cyber Security Attack – Information Age

Gartner provides eight ways in which your organisation may be falling short when it comes to cyber security, leaving you vulnerable to an attack
Cultural and systemic issues may be leaving your organisation vulnerable. Many business leaders still believe cyber security is a problem that can be solved if they invest enough money, and hire the right people with the right technical knowledge who will keep them out of the headlines.
In fact, it’s often systemic and cultural issues between IT and non-IT executives, not technical competency or funding, that leave organisations exposed to cyber security attacks.
“These issues present opportunities for CIOs and CISOs to rethink how they engage senior non-IT executives to prioritise security,” says Paul Proctor, Distinguished VP Analyst at Gartner.
You can reduce the risk of cyber attacks by addressing these leading causes of failure within your organisation.
Businesses make decisions every day that negatively impact their security readiness: for example, refusing to shut down a server for proper patching or choosing to keep working on old hardware and software to save budget. These unreported decisions lead to a false sense of security and increase the likelihood and severity of an incident.
Action: Recognise, report and discuss systemic risk as part of normal security governance.
Non-IT executives still see security as something that is “just there”, like air or water. This means it isn’t considered a part of business decisions. For example, a business leader requesting a new application is unlikely to include “security readiness” as a requirement.
Action: Put cyber security into a business context so executives can see the impact of their decisions.
You can’t buy your way out — no matter what you spend, you won’t be perfectly protected against cyber attacks. By trying to stop every risky activity, you will likely damage your organisation’s ability to function. 
Action: Avoid overinvestment in security that raises operational costs but damages the organisation’s ability to achieve business outcomes.
If security officers are treated as (and act as) defenders of the organisation, it creates a culture of ‘no’. For example, they might block the release of a critical application due to security concerns without considering the business outcomes the application supports.
Action: Position security as the function that balances the need to protect with the need to run the business.
Accountability should mean that a decision to accept risk is defensible to key stakeholders. If accountability means that someone will get fired if something goes wrong, no one will engage. 
Action: Reward those who make decisions that best balance the need to protect with the need to run the business.
Organisations create generic high-level statements about their risk appetite that don’t support good decision making. Avoid promising to only engage in low-risk activities, as this can create invisible systemic risk.
Action: Create mechanisms that allow for the acceptance of risk within defined parameters.
When a headline-grabbing security incident happens, society just wants heads to roll. While this isn’t fair, it’s the result of decades of treating security as a black box. No one understands how it really works and as a result, when an incident does occur, the assumption is that someone must have made a mistake. 
However, society is not going to change until organisations and IT departments start treating and talking about security differently.
Action: Be vocal about balancing the need to protect with the need to run the business rather than scapegoating.
Some boards and senior executives simply do not want to hear or acknowledge that security isn’t perfect. Board presentations are filled with good news about the progress that has been made in security, with little or no discussion about gaps and opportunities for improvement. We know of one company that even decided to move security under legal counsel so that discussions are privileged.
Action: To tackle the challenges, IT and non-IT executives must be willing to understand and talk about the realities and limitations of how security works.
Learn more about cyber security and other top IT topics at the Gartner IT Symposium/Xpo™ 2022 conference, 7 – 10 November, in Barcelona, Spain.
30 August 2022 / Gartner provides eight ways in which your organisation may be falling short when it comes to cyber security, leaving you vulnerable to an attack.