Successful cyber security programs are built one step at a time, drawing on a comprehensive understanding of relevant business processes and the mind-set of prospective attackers. Therefore we invest time in understanding your business and your unique needs.
At dig8ital we work with executives, senior leaders and their teams across a diverse range of industries including financial services, telecommunications, pharmaceutical, healthcare, education, retail, utilities, membership organizations, government and not-for-profit.
Typically our discussion begins with executives, including but not limited to CIOs, CISOs or CROs, or Heads of Business, who have a clear mandate for business change and who need a more adaptive, thorough, and collaborative approach to digital and cyber risk.
We have observed the following principles used by some of the world’s leading cyber security teams at global companies and we incorporate these into our approach.
Before investing in cyber defences, executives should strive to clarify the most relevant risks and know what assets they need to secure. We help organizations assess their cyber risk capabilities and compare them with industry benchmarks. With that knowledge, they can set realistic aspirations for their resilience level, tailored to the industry and the current threat level.
Cyber risk cannot be delegated to IT. Cyber risk is not an IT problem; it is a risk management issue. Data, infrastructure, applications, and people are exposed to different threat types and levels. Creating a comprehensive register of all these assets is time-consuming, but we can help you utilize automated tools to catalogue your assets, enabling you to focus on those at most risk.
Not all assets need the same controls. The more critical the asset, the stronger the control should be. Processes can also be made more effective. At dig8ital we can help your organization embrace and adopt automation, big data solutions, and artificial intelligence to cope with the ever-increasing number of alerts and incidents. Accessing the right digital and analytical talent and cybersecurity skills can be difficult; we can help you build a network of partners to fill gaps in your capabilities.
Cyber security risks are growing in complexity and volume. The cyber security threats facing public- and private-sector organizations require that they be secure, vigilant, and resilient, and the only way to do that is to become more efficient. It still takes many organisations an average of 200 days to identify a breach, but for businesses to be resilient, 200 days later may be too late, and artificial intelligence (AI) and automation hold the key to being able to identify breaches the day they happen.
Organisations cannot simply rely on human interaction to fight off cyber attacks, and because cyber security today is largely labour-constrained, it is ripe with opportunities for automation using AI techniques. AI can not only help businesses track and fight cyber security risks in real time, but also address the cyber workforce shortage. Ultimately, a strategic approach should be taken to integrate AI and cognitive technologies and reallocate cyber talent.
A new model of governance for cybersecurity must also be established which is comprehensive and collaborative and empowers the central team to oversee all cyber risk efforts across the enterprise. Historically, responsibility for physical security, information security, business continuity, and crisis management was split. In the digital age, these splits are obsolete. Scattered responsibility can put the entire organisation at risk.
Creating a culture of cybersecurity and building a cyber-savvy workforce is of key importance to effectively manage the people, capital and technology risks across every organization. According to research conducted by Willis Towers Watson, employee negligence or malicious acts account for two-thirds of cyber breaches; in contrast only 18% are directly driven by an external threat.
For example, the recent high-profile WannaCry attack served as a strong reminder that employees are both the weakest link in an organization's cybersecurity strategy and the strongest defence. The attack affected more than 230,000 computers and compromised the systems of some banks. Ultimately, it was enabled by employees clicking infected phishing emails.
Cyber risk is much more than a pure technology issue and there is a growing realisation that building effective cyber resilience must have its roots within the organisation - its people and culture. We can help you with the solutions to develop a strong cyber risk culture. Often these are complex and multidimensional, as is always the case for any kind of cultural change.
Sooner or later, every organisation will be affected by a cyber attack. A company’s organization, processes, IT, OT, and products need to be reviewed and adjusted as cyber threats evolve. In particular, companies must fine-tune business-continuity and crisis management structures and processes to meet changes in the threat level.
When we work with organizations to incorporate these principles into their cyber security strategy and program they tend to be much more resilient to most attacks than their peers. Just refocusing investment on truly critical assets can save up to 20 percent of cyber security cost. In our experience, up to 50 percent of a company’s systems are not critical from a cyber security perspective.
If you would like more information on our approach and how we can help your organization, please get in contact with us today.