Security Breach is the Biggest Factor to Halt Organizational Growth

Strengthening the fact that digital trust is the most important currency in the current scenario, the cybersecurity experts are agreeing that security breach continues as the biggest factor to halt organizational growth and profitability. This is further boosted with the ongoing Covid-19 pandemic that the world is facing over the last two years.

In the aftermath of the pandemic, as boundaries between remote workplaces and offices have eroded, cyber attackers are discovering new ways to intrude and misuse sensitive data, both personal and corporate. Concurrently, while automation and digitization have presented infinite growth opportunities and resilience, they have also widened the technological surface for cyber-attackers to exploit.

During the recent 2 ndedition of the CXO Global Security Summit 2022, AkhileshTuteja, Global Leader — Cyber Security, KPMG shared that cybersecurity has remained among the top five factors which impact the growth for the CEOs around the world. “Global CEOs and CFOs have highlighted that cyber security is the largest factor which could halt the growth and profitability of the organizations. As per our global survey, two-third of the global CEOs say that robust cybersecurity makes them feel stronger, confident, and enable them exploit more power of digital.”

In his opening note during the two-day summit, Tuteja further underlined that CISOs are not just reducing risk but are actually creating humongous value for the organizations. “In fact, the role of CISO is getting quite hard due to scarcity of skilled resources and cyber security being highly technical job requiring deep expertise. Indeed, there is large demand and supply gap in skilled resources in cyber security, which leads to overburden and stress among the security personnel. Hence, CISOs and security experts deserve high level of respect.”

Setting the tone for the board room agenda on how to get the ‘buy-in’ from the CEO and the board to invest in the resources required for a robust cyber security, Steven SimKok Leong, President, ISACA Singapore Chapter & Chair, OT-ISAC Executive Committee highlighted in his keynote that boards need to understand the limitations of paying ransom and using cyber insurance as means of risk transfer. “With lots of exclusion clauses, complications in claims, and dismal claim settlement ratio, cyber insurance is not a great idea for risk aversion. Moreover, paying ransom could be a disaster as the organization may turn out to be an excellent value proposition and lucrative customer for cyber attackers with repeated invasions. Further, decryption tools offered in exchange of ransom usually turn out to be sub-optimal. Hence, robust cybersecurity governance and disaster recovery strategy are still the preferred risk-driven approach.”

He added that there is a need to invest heavily in operational and business resilience, business continuity, incident management and recovery measures. “CISOs need to discuss the business impact in terms of revenue loss, reputation loss, and regulatory fines that follow after the security breach. Above all, we need to assess the competitive advantage which comes as we showcase resilient-by-design architecture to the potential customers. Digital trust is crucial in the current scenario.”

In his industry note, Jaspreet Singh, Partner and National Leader, Client & Markets (Trust and Transformation), Grant Thornton Bharat noted that the entire decade of 2020 will be focused on digital trust. “In comparison to the scenario two years back when businesses were still deliberating on their move to cloud, organizations are already working on their strategy on cloud and cloud security. Organizations need to draw a clear roadmap from the current and future perspective. This push will ensure that cyber security will be the part of the discussion during the board meetings and all the business initiatives.”

Elaborating on how enterprises can strike a balance between financial viability of security spending and having the optimum security infrastructure, Dr. Rizwan Khan, CFO-CIO, Panoval Asia mentioned in his keynote that security starts from top of the pyramid. “Top management must be aware of the significance and importance of cyber security. In addition, managers must be trained to respond to security incidents and most importantly, employees including team working on data must be sensitized, trained and be aware of whom to contact in case of any incident.”

He further underlined that the challenge CISOs face is to justify the RoI in security spending. “We could look at it from the perspective of importance of data that need to be protected. So we may argue that the spending on security will be justified by the value of the data that we may lose or may be jeopardized.”

However, the security battle is getting intense by the day. Attackers are now state sponsored and leverage on emerging technologies like AI and automation. “Attackers are always one step ahead. They are coming up with newer ways of intrusion which pulls the security teams into vicious cycle attack and protection. If we truly want to defend against the new types of threats, we need to completely and drastically change the way we think,” said Erez Kaplan, Founder & CTO, Cyber 2.0, in his keynote address.

He added that chaos mathematics could be the way out. “Let’s take our body for example. Our white blood cells and antibodies learn and act against the viruses and bacteria. However, viruses mutate and bypass our protection shield. If we put chaos mathematics on the communication between the cells, we will be able to block the communication between cells as the first cell gets infected. The attackers will be unable to bypass because the chaos mathematics is not crackable.”

AkshayGarkel, Partner & Leader, Cyber, Grant Thornton Bharat stated that supply chain security is going to be the way forward as it is crucial to understand the data flows, threats and profiling. “Organization’s security is as strong as the weakest chain. And in majority of the cases people are the weakest link. Hence, people awareness and skill levels are crucial to avert any insider threat. Zero Trust is becoming popular among enterprises, however, we must note that it’s not a product; it’s a concept or a thought process to invoke a culture across the organization. Hence, organizations need to realign their processes to match global standards which calls for increased priority for budget and resource allocation towards risk prevention.”

Originally published at https://cxotv.techplusmedia.com on April 8, 2022.