Intelligent CISO Issue 28 | Page 21

cyber trends threats detected are now identified by supervised Machine Learning and threat intelligence. Organisations need to ensure they’re fully equipped to be able to address the multitude of challenges that lie ahead. COVID-19 demonstrates just how fast things can change, so much so that it has brought about fundamental changes to the entire functionality of businesses. Being able to support employees is a pre-requisite for organisations in this potentially chaotic environment while not forgetting the need to meet the appropriate regulatory obligations as well as maintaining customer security from both a physical and data perspective. Clearly communicating any changes to business and security requirements, policies and procedures are essential, as is providing employees with a means to flag anything that might obstruct their route to effective collaboration and workflow. Using proactive intelligence capabilities to identify and quickly make decisions to manage risk will support business agility. Having full visibility across the information and communication technology environment should also be a priority so that you can manage risk and mitigate threats and ultimately, make fast decisions on how you can deal with those threats. Penetration testing activities, including application testing and social engineering, should be regularly undertaken and being able to leverage intelligence services also adds a realistic approach from an attacker’s perspective. Governance, risk and compliance should be reviewed frequently, along with technical and non-technical assessments, to identify any potential areas of weakness. Secure at every level The current crisis has demonstrated the willingness of cybercriminals to take advantage of any situation, further emphasising the need for organisations to focus on security that enables their business and ensures that it’s cyber-resilient and built on secureby-design initiatives. Taking a secure-by-design approach will help to better protect organisations from innovative attacks. In short, it’s about focusing on what’s critical in the organisation and putting the right protection in place right from the beginning – across business process, technology, services and people. Secure-by-design means being cybersecurity conscious at every level of the business, right up to board strategy level. This involves security being core to the overall business strategy. Adopting a secure-by-design approach means that the security strategy is aligned to what the business wants to achieve, as well as the business’ risk tolerance, while an intelligence-driven cybersecurity posture enables businesses to be agile in the face of a changing threat landscape and technology ecosystem. In practice, rather than bolting on security, it should be built in at the beginning, whether that’s infrastructure (network, data centre, clouds), in the workplace (employees, buildings, customer experiences) or business transformation and innovation initiatives (such as the Internet of Things (IoT) or Operational Technology (OT), Blockchain and DevSecOps). As organisations continue their Digital Transformation, inherently secure solutions provide businesses with the Being able to quickly identify, protect and respond to potential threats will reduce the time it takes to thwart, restrict and manage attacks and their effects. services or capabilities required to cover the latest cyberthreat protection which is of significant value to them. The increasing scale of connectivity and borderless Information Technology means organisations have no choice but to evolve to address a nonstandard, disorganised world. The proliferation of devices, applications and interconnection of these worlds requires automation and faster analysis to ensure quick and appropriate action. As such, these procedures, controls or policies need to be built into technology solutions from the start to enable an agile digital business. Digital Transformation, cloud computing, mobile devices, robotics, Machine Learning (ML) and Deep Learning are outpacing the security protections many companies have in place and making for a worsening threat environment. And this is why being able to quickly identify, protect and respond to potential threats will reduce the time it takes to thwart, restrict and manage attacks and their effects. In order to achieve cyberresilience, organisations must embrace innovation to cope with the evolution of the attackers and unexpected risks to their business. u www.intelligentciso.com | Issue 28 21