How Digital Risk is Shifting Cybersecurity Mindset & Technologies

It’s no surprise that businesses are paying more attention to digital risk these days. A recent Forrester survey sponsored by insurance company Hiscox indicates three factors concerning businesses: an overall increase in cyber incidents, an increase in frequency of incidents and more types of businesses targeted. Organisations looking to reap the benefits of digital commerce and service must balance them with the risks that digital supply chains and distributed operations bring.

Digital risk is heavily impacted by cyber threats and the impact of data breaches. These put many aspects of the business at heightened risk, including staff, customers, brand, senior executives and intellectual property. Consequently, this territory, previously uncharted by business risk professionals, requires close cooperation with cybersecurity teams. Many large brands in the UK now employ a “digital risk officer” to provide a cross-functional link, while 40% of large businesses already require visibility of cybersecurity and technology risk at the board level, which is set to grow to 100% over the next two years. But large businesses aren’t alone in raising the importance of digital risk protection: almost two thirds of SMBs now consider access to threat intelligence a high or critical priority.

So, how is digital risk affecting current cybersecurity strategies and protection techniques and technologies?

A Change of Mindset

In terms of strategy, the focus on digital risk is changing the mentality around cybersecurity.

Traditionally, cybersecurity was very much an inside-out job. The task was to protect the network using perimeter defences. For those attacks that did get through those defences, the company’s intrusion detection systems would flag the breach, enabling IT teams to take swift action. The idea was: “protect the network to protect data.”

Nowadays, with the nature of modern, digitally transformed business, much of an organisation’s data — whether it belongs to the organisation itself or its customers — lives outside of their network. And that’s a problem.

For example, most businesses work with multiple partners and/or third-party systems that store and process sensitive data, while email collaboration and cloud storage platforms complicate the supply chain further. Risk is multiplied because the business does not have direct control over the security of its clients or suppliers, and yet it would still assume vicarious responsibility for a breach of their data even if it originated from a third party. Digital supply chains are increasingly becoming a target for cybercriminals: 56% of organisations have had a breach that was caused by one of their vendors.

Another factor contributing towards digital risk is employees. Their credentials are the keys to an organization, and the more employees there are, the less control an organization has over making sure those keys don’t fall into the wrong hands. Because I’m a cybersecurity analyst, I see data dump after data dump on the Dark Web containing long lists of employee email addresses for all kinds of organizations, large and small. Cyber-criminals who prowl the Dark Web are then at liberty to conduct phishing scams, and it only takes one employee to fall for it for that criminal to gain unauthorized access to potentially sensitive information. Sometimes the credentials include passwords, which elevate the mode of attack.

Business risk teams obviously need to know what these kinds of threats are before they affect the organization. Relying on a network-centric approach is no longer enough — the digital supply chain may even incorporate BYOD access as well as third parties.

A Shift in Technology Needs

This change in mentality means that organizations must now consider adopting an “outside-in” approach to security and risk mitigation. And this approach needs a different type of technology solution.

So, as well as deploying perimeter defenses and intrusion detection systems, CISOs should now consider investing in digital risk protection technologies that shed light on the types of risks that are out there, while assessing each one in terms of relevance, danger and how likely it is to affect the organization.

Automated monitoring and alerting are vital to mitigating digital risk. They reduce the response time for, and the costs of, data breaches and, crucially, spare the business the added risk of manually researching threats in potentially hostile environments.

If you know what the risks are, you can better prepare for them when they inevitably affect you. Better digital risk protection means better protection overall for your staff, data, goods and services, customers and consequently, your brand.