TechSense Magazine #03
Navigating the Evolving Threat Landscape
By Philippe Bovy
When it comes to the threat landscape,
cyber criminals are growing in sophistication,
and it’s no secret that businesses are battling
against increasing cyber-threats. It’s critical that
organizations are able to identify these threats
and mitigate them without any disruption
to business continuity. Businesses in Luxembourg
are facing the same challenge.
— The Evolving Threat Landscape
External factors have a significant impact on cybercrime.
Geopolitical events, such as the war in Ukraine, create an
environment for cybercrime to thrive. Similarly, at the beginning
of the pandemic, cybercrime soared by 600% as threat actors
took advantage of new vulnerabilities. The associated costs are
becoming astronomical. This is causing insurance premiums to skyrocket
as insurance companies struggle to cover the volume and costs
of cyber-attacks. The cost of cybercrime to companies is estimated
to rise to $10.5 trillion by 2025, which makes it even more
important for organizations to be able to respond at pace.
— In light of this, what should the CISO’s top
two priorities be?
Priority One: Regulation & Insurance
Regulation sits far behind where we need to be to mitigate risk across
all industries. Organizations need to go much further than meeting
the bare minimum, especially in Luxembourg, where the Supervisor
of the Financial Sector (CSSF) highlighted the importance of a
business continuity plan and the proper functioning and recovery of
backups. The CSSF placed particular emphasis on the importance
of offline backups of the most essential systems and data.
Insurance companies, on the other hand, are realizing that the gap
is too big, hence the rise in cyber premiums. This is a problem
because a lot of businesses completely rely on insurance policies
to cover recovery costs against these kinds of attacks. Some
insurers are even withdrawing their policies altogether because
of this. CISOs need to start thinking about how confident they are
in their ability to recover and the financial implications they would
face from prolonged downtime.
Philippe Bovy
Head of Sales and Solutions at Kyndryl Luxembourg
Priority Two: Operational Resilience
Resilience needs to become more proactive. Whether the risk is
geopolitical, cyber, or environmental, businesses need to realize
that responsibility for the concentrated risk and operational
resilience lies with CISOs, IT Directors and Risk Officers, not with
regulators and insurers.
It begins with understanding where you are today. Where are the
gaps and where do you want to get to? Investing in automating
and orchestrating recovery processes, enhancing recovery time
and recovery point objectives, while simultaneously mitigating
human error in restoring from backups, should be a focus in all
organizations. Continuous testing and cyber simulation exercises
can support this, ensuring you have confidence in your ability to
act and recover at pace when the worst happens.
Proactive Action
To effectively protect the future, we need to realize that regulation
is lagging behind what it should be to mitigate risks. Insurance
policies are shifting that risk, and the responsibility is now back
in the hands of the CISO. In addition to this, organizations must
adopt a culture of operational resilience to survive the evolving
threat landscape, which should be driven by the CISO.