Daily Bulletin

Men's Weekly

.

  • Written by Scott McKinnel, ANZ Country Manager, Tenable


Top business leaders are starting to realise the widespread impact a cyberattack can have on a business. Unfortunately, according to a study by Forrester Consulting commissioned by Tenable, some of the damaging effects include financial loss or theft (39%), loss of customer data (39%) and employee data (36%). The potential for cyber threats to cost organisations in Australia millions of dollars overwrites an outdated belief that cybersecurity is merely an IT issue. With so much at stake, business leaders are in the front lines and require insight into cyber risk in the same manner as other risks.

Incoming regulation aimed at business leaders of critical infrastructure and systems of national importance, as part of the federal government’s Cyber Security Strategy 2020, further iterates the importance of leadership involvement in cyber issues. Therefore, it’s unsurprising that the same Forrester study shows that Australian business leaders are demanding greater visibility, as 94% of Australian security leaders have been asked to report on their level of exposure to a specific threat or publicised vulnerability. What’s worrying, however, is that 67% of business leaders report that their security counterparts are, at best, only “somewhat effective” in communicating threats that pose the greatest risk to the organisation. This disconnect shows that cybersecurity is broken and the key missing piece of information is - business context.

Business context is everything

When an organisation is at risk of a cyber threat, the first thing business leaders want to know is if they will still be able to deliver on their core business objective. Instead, more often than not, they get data about how many systems are affected and how quickly it can be remediated - demonstrating a clear disconnect in the way both groups understand and communicate risk.

This is by no means any fault of security leaders. Their technical training puts them in a position to report on the many vulnerabilities, patches deployed and recite information of the latest threats. What they struggle with is delivering the information in a non-technical manner that relates to the business because they are hamstrung by a lack of data, technology and processes.

The same research highlighted three key areas of improvement in order for security teams to effectively communicate risk.

Firstly, security leaders need to have holistic visibility of business-critical assets. Only six in ten Australian security leaders reported that they have ‘high or complete’ visibility into their organisations’ IoT and operational technology (OT), according to the Forrester study. In addition, less than half are highly or fully aware of the risk posed to employees working remotely and only 30% have high or complete visibility over third-party vendors. All of this combined means that few security leaders have a holistic understanding of their organisations’ attack surface and, as a result, are unable to communicate the risk to the business effectively.

Secondly, security and business performance aren’t aligned, with just four in ten security leaders saying they work with business stakeholders to align cost, performance and risk reduction objectives with business needs. While having the right tools in place to measure risk is key, so too is reducing the gap between security and the rest of the business. Business and security leaders need to work together to integrate with one another and develop security metrics that speak to business risk.

The final area of improvement is the use of technology to better predict business risk context for incoming threats. The Forrester study showed that 40% of Australian security leaders aren’t confident that they have the technology, processes or data to predict cybersecurity threats. This could be, in part, due to a lack of automation technologies - three out of ten security leaders say their organisations still manually review spreadsheets to track cybersecurity performance. Business leaders need to ensure that they’re making long-term investments in the technology used to monitor, manage and report on cybersecurity.

The road ahead

While business leaders are starting to recognise the importance of cybersecurity, it’s clear that a gap still exists and there’s more work to be done. Security leaders must turn qualitative recognition of cyber risks into quantitative business-aligned metrics, and business leaders must equip them with the tools and processes to do so.

With new regulations like Australia’s mandatory data breach notification laws already in place and more likely to come in with the 2020 Cyber Security Strategy, failure for security and business leaders to align will surely result in further business-impacting attacks with the regulatory penalties a clear reality.

How to Extend the Lifespan of Your Conveyor System

It’s easy to forget your conveyor is even there, until it stops. And when it does, you’re in a world of delayed orders, unexpected downtime, and one very expensive headache. But the good news is tha...

Daily Bulletin - avatar Daily Bulletin

Virtual CFO Hiring Checklist: 10 Expert Tips in Australia

Hiring a Virtual CFO (VCFO) is no longer just reserved for large corporations. In today’s business environment, where agility, compliance, and strategic foresight are essential, Australian startups...

Daily Bulletin - avatar Daily Bulletin

Top Mistakes to Avoid When Hiring Office Removalists in Perth

Moving a workplace is more than shifting workstations and computers; it is a complex project that can affect staff morale, customer service and revenue if it goes off-track. Perth’s commercial prope...

Daily Bulletin - avatar Daily Bulletin

Reliable Castors for Sale in Melbourne – All Types Available

When you need to move something heavy like a trolley, chair, or toolbox, you probably don’t think twice about the wheels underneath. But those little wheels, called castors, do all the hard work. Th...

Daily Bulletin - avatar Daily Bulletin

Reliable Materials Handling Solutions for Safer and Faster Workflows

Handling materials the wrong way can slow down operations and hurt workers. According to Safe Work Australia, manual tasks like lifting, carrying, and pushing are behind over 20% of serious workplac...

Daily Bulletin - avatar Daily Bulletin

Improving Leadership Skills Through Business Coaching

Good leadership has nothing to do with knowing everything. It's about being open to learning, making intelligent choices, and getting the best out of those around you. No matter if you work with a ...

Daily Bulletin - avatar Daily Bulletin

LayBy Deals