Cybersecurity is business survival and CISOs need to act now
Cybersecurity as a tool for business survival
TechRadar News. By Alain Sanchez, published 8 November 2024
Cybersecurity is an unending challenge for businesses. Just as they catch up, the bad guys innovate their techniques to stay one step ahead. It’s an issue that will persist, meaning cyber risk has become a business risk.
Organisations know anything that threatens their IT, threatens their company. It's a pattern we continue to see – businesses getting breached and reputational and/or financial damage following. As such, cybersecurity is now a board issue and a permanent topic of conversation within corporate leadership teams. Yet, organizations need to take bigger steps towards making their cybersecurity posture as strong as possible – their business depends on it.
Alain Sanchez
EMEA CISO at Fortinet.
Assessing cyber risk
Businesses understand the ramifications a cyberattack can have on the whole company, with research finding that nearly one third (31%) experienced six or more attacks between June 2023-4, compared to the same period the year before.
The impact of an attack is vast, and its repercussions affect the entire company. As such, one of the most crucial tasks of a CISO is to rank cyber risks in order of impact. This requires an equal understanding of the business and its technology stack, and it isn’t an easy task.
Part of this assessment requires understanding the priorities inside the organization's value chain and securing them accordingly. The second part of the challenge is to then look beyond the business itself and understand what outside forces may impact it. Among these external forces, we find the compliance framework – laws and regulations necessary to protect human beings, intellectual property as well as innovation.
The duality that regulation brings, though, is a challenge. While necessary for protection, regulations cap and stifle IT teams, who need to integrate legal considerations into their defenses. The more that is known about cyber risks and regulation, however, the better. Knowledge is the feather in an IT team’s cap, and IT teams and boards should work together to apply learning from other parts of the business and other regulations within their security practices.
Mitigating technical risk
Defense strategies are a must when it comes to cybersecurity resilience. Assessing the right combination of products, services, staffing and processes is crucial. Less is more in this matter. This is especially the case as, after years of technological accumulation, CISOs are realizing the hard way that a mass of products and vendors is not efficient. The next era of security will happen via convergence, not addition.