Accenture’s new cybersecurity report has demonstrated that when it comes to cybercrime, many security professionals are operating under a false sense of security (no pun intended!). As discussed in my last blog, 74 percent of the security experts we surveyed stated that they’re confident in their cybersecurity strategy; however, we also discovered that a third of attempted breaches on their organisations have been successful.
If businesses are going to thrive in the digital age, it’s vital that the perception of their cybersecurity capabilities is in line with the needs of their business. In this blog, I’m going to provide you with three steps to help you ensure your cybersecurity strategy is fit for purpose.
Step #1: Define Success
First, you need to reset your perceptions around cybersecurity by building a new definition of success. As part of this shift, you should ask yourself several important questions including:
Are you confident that you’ve identified all priority business data assets and their location?
Are you able to defend the business against a highly-motivated adversary?
Do you have the tools and techniques to react and respond to a targeted attack?
The key here is to move beyond "tick-box," compliance-based approaches to securing the organisation and to instead consider whether your security capabilities tie to your business goals, and whether your organisation is truly safe from advanced and persistent threats—originating from both inside and outside the organisation.
Step #2: Invest strategically
When it comes to cybersecurity, simply increasing investment won’t automatically yield the results you need. Rather, you should review all current investments and ask yourself whether they are the right ones.
Often, redirecting existing investments into the right areas will be all you need to do. In our report, we’ve identified seven critical areas for security investment. You can read the full list here, but they include elements such as:
business alignment (an assessment of the attack vectors you’re most likely to be targeted through, and the remediation of these),
governance and leadership (cybersecurity accountability, measures and reports, chain of command, etc.),
cyber resilience (operational excellence in the face of disruptive cyber adversaries).
What’s important is that your investments allow you to continually innovate, and build a dynamic security capability that can change as often as your attackers do.
Step #3: Test your capabilities
Once new security measures are in place, you need to make sure they work. Stress-testing your defences will help you understand whether your business can withstand a targeted and focused attack. One way to do this is to employ "white hat" hackers to pit their wits against those of your security team. This will help you assess preparedness and response effectiveness and will quickly identify any areas that need to be improved.
Of course, addressing the expertise and capabilities of your security team is only part of the solution. Any truly successful security strategy is one that embeds a culture of security throughout the business. In my next blog I’ll explain how best to build such a culture and how to leverage one of the most powerful weapons in your fight against cybercrime: your employees.
Read the full report, Building Confidence: Facing the Cybersecurity Conundrum.
Alternatively, if you’re interested in finding out more about how Accenture could help your organisation with its cybersecurity strategy, contact Sanjeev Shukla.