Yesterday’s Cyber Posture Just Won’t Work
Cyber threats have changed radically with the evolution of technology. Yet as threats continue to mount, many enterprises are still relying on yesterday’s cyber protection methods, technology infrastructure, and cultural ethos as the foundations for their modernization efforts. While IT digitization is integral to business growth and trajectory, enterprises must also update their cyber resilience approach to protect the full breadth of their operations.
I recently sat down with TechRepublic’s Dan Patterson to discuss what we at Cisco see as essential components of a cyber resilience strategy. Below is a summary of our conversation, be sure to check out the recordings for further discussion on each topic.
Future-Proofing Enterprise Cyber security
Future-proofing enterprise cyber security starts with a holistic approach to shifting the organizational culture. Everyone must look at cyber as their responsibility, not something to be left to the IT department. At Cisco, we sponsor frequent, formal cyber education for our employees. The next step is institutionalizing a continual process around resilience. Frequently assess what in your organization is changing. What is most important to your business, and what are you doing to protect it? When you do detect cyber intrusions, are you prepared to quickly recover normal operations? Can you recover? Regularly reviewing these factors will help protect your company for the long term. Click here for the full discussion.
Becoming Resilient to Cyber Threats
With the diversity of cyber threats, enterprises need to look at which specific types of threats are most critical to their business. We recommend a four-step systemic approach to developing cyber resilience:
- Identify critical aspects of business, such as the information and processes that are most important.
- Establish preventive mechanisms to protect those— systems, technologies, staff education.
- Use that solid protective posture to operationalize how you detect cyber vulnerabilities, but don’t set and forget. Look for active adversarial activity on an ongoing basis.
- When you have detected an attack, have a remediation plan to restore normal operations quickly.
Click here to watch the video.
What are the Biggest Enterprise Cyber Security Red Flags?
One of the biggest red flags is isolation of cyber responsibility to one person or one group, such as the Information Security team. You simply can’t permit other stakeholders to abdicate responsibility. Cybersecurity ownership must span the entire organization—people, processes and technology. There is also a tendency for the security industry to think one piece of technology is going to solve all the ills—it’s not. When I see organizations functioning at a high level in this regard, it’s because they have created a culture of responsibility. Click here to learn more.
Why Your Company Should Invest in Cyber Security Infrastructure
Many companies realize that digital transformation is critical to their growth. But we see them relying on legacy capabilities to build out a digitized environment. For example, a modernizing manufacturing environment might be built on top of 20-year-old infrastructure not designed for today’s cyber threats and impacting resilience.
Because IT systems play a fundamental role in the growth and trajectory of a business, a forward-looking enterprise must have a resilience strategy that includes investing in updating IT infrastructure. It’s not just about risk mitigation, it’s about giving your business the agility to go where it needs to, quickly. For example, how quickly can you adopt a cloud technology because you’re comfortable with its cyber security? How fast can you gain the efficiency that’s going to drive? I guarantee digitizing companies are going to depend on cyber security to underpin where their business is going. Don’t think about it as a cost center; it’s a fundamental enabler of growth. Click here for the video.