Published on November 9, 2023, 6:46 am
Cybersecurity is increasingly becoming a social phenomenon with growing investor interest, public pressure, employee demands, and government regulations. Organizations now have stronger incentives to track and report cybersecurity goals and metrics within their environmental, social, and governance (ESG) efforts as a business requirement.
According to Gartner, traditional culture improvement efforts that solely focus on awareness are failing to encourage secure behavior. One of the key challenges for security and risk management (SRM) leaders in the coming years is the loss of direct decision-making control caused by an increasingly distributed ecosystem.
Amidst this changing landscape, Alex Lei, VP and GM for APJ at Proofpoint, highlights that risk management used to revolve around data protection. However, the pandemic and the rise of hybrid work environments have shown that the individuals accessing the data cannot always be trusted. The 2022 Ponemon Cost of Insider Threats Global Report reveals a 44% increase in concerns regarding insider threats.
Remote work has also introduced new vulnerabilities through the absence of face-to-face exchanges. Attackers are taking advantage of this by utilizing social engineering techniques and exploiting vulnerabilities in advertising, services, or applications.
Supply chains built on trusted relationships formed over years of transactions are now at risk due to attackers redirecting funds based on existing relationships. This highlights the need for enhanced cybersecurity measures throughout all levels of an organization.
Gartner reports that 56% of customers frequently express interest and concern about the cybersecurity posture of organizations they do business with. This indicates that customers are increasingly prioritizing cybersecurity when choosing who to engage with.
A prevailing cultural trend hindering better outcomes in terms of data protection is a lack of effective communication between cybersecurity practitioners and board-level executives in Asia. Many CISOs agree that there is less than 30% alignment between these two groups. To address this barrier, it is crucial to align interests between boards and cybersecurity practitioners rather than relying solely on technology solutions.
Gartner also highlights the need to establish corporate behavior that is secure by design. Traditional methods focusing exclusively on raising awareness often fall short in fostering secure behavior and controlling cybersecurity risks in distributed ecosystems. By involving people in the process, making them accountable, and empowering them as owners of the cybersecurity program, organizations can drive more effective outcomes.
To improve data protection outcomes in today’s distributed ecosystems, it is essential for organizations to consider several strategies and best practices. These include centralizing support engineers who handle sensitive data, ensuring that the right data gets to the right people, monitoring and governing data usage, and enforcing policies effectively.
Overall, organizations must strive to create well-designed business processes that make sense within their specific context. This will help mitigate liabilities, regulatory issues, and potential security breaches. By implementing these strategies and addressing prevailing cultural barriers, organizations can enhance their cybersecurity posture in distributed ecosystems.
For more insights on improving cyber risk management outcomes in distributed ecosystems, you can listen to Alex Lei’s detailed discussion on PodChats for FutureCISO.
– “Cybersecurity: 70% of APAC businesses are ill-prepared for an uncertain future,” FutureCIO.
– “How CIOs Can Lead Organizational Culture for Improved Cybersecurity,” Gartner.
– “Proofpoint Cost of Insider Threats Report,” Proofpoint.
– “Gartner Predicts 2022: Cybersecurity Leaders are Losing Control in a Distributed Ecosystem,” Gartner.
– “PodChats for FutureCISO: Improve cyber risk outcomes in distributed ecosystems,” FutureCIO.