A Key Reason Behind Cyber-breaches: a Gap in Leadership

Ransomware attacks have skyrocketed in recent years, and they show no sign of slowing down despite the increase in spending and risk awareness. Cybersecurity personnel often feel burned out and relatively ineffective. They are constantly firefighting, and the reason is clear: they are dealing with a complex system in modern enterprises with many uncontrolled and unknown variables. This requires a different approach to problem-solving, as articulated in this HBR article: Stop Fighting Fires.


Cybersecurity teams are now desperately searching for the next shiny tech tool that will allow them to tackle these fast-surfacing challenges effectively. Is there one? The tech vendors would say, “yes.” In fact, we’d gladly sell them one too. Is that the right answer, though?


As people often say, “what got you here won’t get you there.” In many organizations, cybersecurity decisions have either been made or heavily influenced by Network Engineering teams. With the emergence of Chief Information Security Officers (CISOs), the scope has expanded to include broader IT operational processes involving applications and IT endpoints; they have improved security processes with the implementation of SIEM and SOAR. CISO organizations have brought strategic excellence in cybersecurity by assessing technical needs, running tech procurement processes, and implementing architected solutions.


Whether businesses have gained full value from their technical investments is yet to be determined. Furthermore, the value of a tech-focused, siloed approach is also questionable when we know that 86% of cyber-incidents involved human factors such as errors and misuse, and about 70% of incidents originated from internal actors and partner organizations. Hence, organizations must now focus on operational excellence and expand the scope of cybersecurity to cover all business processes as opposed to only IT-centric processes.


The following table covers general observations on the current state of cybersecurity and gaps. The assessment framework considers (1) technology or breadth of controls, (2) processes, and (3) leadership.


While much progress has been made, the next phase of cybersecurity requires a focus on maturity. Maturing cybersecurity in organizations is more about processes and leadership than the implementation of new tools. It calls for a programmatic approach with cross-functional engagement. Hence, we call it a gap in leadership!


In a recent interview with CFE Media, our CEO explains the need for cybersecurity maturity and calls it the next big level that organizations need to focus on.


We at MediTechSafe continue to hold no-obligation webinars on this topic. We offer an easy-to-use platform that organizations can use to manage cybersecurity-related risks in a cost-effective manner. To learn more about the topic, approach, and our platform, email us at info@MediTechSafe.com.