The 10 tenets that describe how cyber resilience in the digital age can be formed through effective leadership and design.
Cyber attacks are one of the top 10 global risks of highest concern over the next decade, according to a new report from the World Economic Forum (WEF), which puts the estimated price tag at $90 trillion if cyber security efforts do not keep pace with technological change.
As such, the WEF’s Centre for Cybersecurity outlined 10 tenets that describe how cyber resilience in the digital age can be formed through effective leadership and design:
- Think Like a Business Leader - Cyber security leaders are business leaders first and foremost. They have to position themselves, their teams and their operations as business enablers. “The CISO role isn’t only about security, but also about understanding budgeting and the different factors that a business needs to operate,” said OSI Global CISO Michael Welch in an interview with Cyber Security Hub. Transforming cyber security from a support function into a business-enabling function requires a broader view and a stronger communication skill set than was required previously.
- Foster Internal and External Partnerships - Cyber security is a team sport. Today, information security teams need to partner with many internal groups and develop a shared vision, objectives and KPIs to ensure that timelines are met while delivering a highly secure and usable product to customers.
- Build and Practice Strong Cyber Hygiene - Five core security principles are crucial: a clear understanding of the data supply chain, a strong patching strategy, organization-wide authentication, a secure active directory of contacts, and encrypted critical business processes.
- Protect Access to Mission-Critical Assets - Not all user access is created equal. It is essential to have strong processes and automated systems in place to ensure appropriate access rights and approval mechanisms.
- Protect Your Email Domain Against Phishing - Email is the most common point of entry for cyber attackers, with the median company receiving over 90% of its detected malware via this channel.
- Apply a Zero-Trust Approach to Securing Your Supply Chain - The high velocity of new applications developed alongside the adoption of open source and cloud platforms is unprecedented. Security-by-design practices must be embedded in the full lifecycle of the project.
- Prevent, Monitor and Respond to Cyber Threats - The question is not if, but when a significant breach will occur. How well a company manages this inevitability is ultimately critical. Threat intelligence teams should perform proactive hunts throughout the organization’s infrastructure and keep the detection teams up to date on the latest trends.
- Develop and Practice a Comprehensive Crisis Management Plan - Many organizations focus primarily on how to prevent and defend while not focusing enough on institutionalizing the playbook of crisis management.
- Build a Robust Disaster Recovery Plan for Cyber Attacks - A disaster recovery and continuity plan must be tailored to security incident scenarios to protect an organization from cyber attacks and to instruct on how to react in case of a data breach. Furthermore, it can reduce the amount of time it takes to identify breaches and restore critical services for the business.
- Create a Culture of Cyber Security - Keeping an organization secure is every employee’s job. Tailoring training, incentivizing employees, building elementary security knowledge and enforcing sanctions on repeat offenders could aid the development of a culture of cyber security.
“With effective cyber-risk management, business executives can achieve smarter, faster and more connected futures, driving business growth,” said Georges De Moura, Head of Industry Solutions, Centre for Cybersecurity, World Economic Forum.
Paige H. Adams, Global Chief Information Security Officer, Zurich Insurance Group, adds, “Practicing good cybersecurity is everyone’s responsibility, even if you don’t have the word ‘security’ in your job title.”