sb-nz logo
Story image

How to address cyber-threats as a strategic risk

29 Oct 2020

Article by Fortinet regional director of A/NZ and the Pacific Islands, Jon McGettigan.

Most business leaders understand that cybersecurity is a critical business risk and that their organisation will never be immune to cyber-attacks, regardless of the size of the company or the industry in which it operates. However, understanding that the risk is real, and implementing a strategic plan to deal with that risk appropriately are two different things.

Too many organisations implement point solutions or take an incomplete approach to their cybersecurity. This results in gaps and vulnerabilities that can put the organisation at risk despite its otherwise diligent security focus. Instead, businesses should seek a solution that delivers a more holistic blanket of protection to cover all the gaps.

As businesses increasingly turn to technology for every aspect of operations, the proliferation of devices, clouds, networks, systems, applications, and more create a much larger attack surface for cyber-criminals. Threats can appear without notice, putting organisations at risk. 

Becoming a cyber-secure organisation in the face of an evolving threat landscape requires a strategic, business-focused approach to security as opposed to a tactical approach in which security is addressed simply by implementing new tools.

In organisations that get cybersecurity right, the issue is treated as a priority by everyone in the business, particularly the leadership team. Since no company is immune to cyber-attacks, the most important thing a company can do is set a security-positive culture in which everyone understands and embraces their role as a protector. This awareness makes it harder for cyber-criminals to mount successful attacks.

Once there is a strong cybersecurity culture in place, the next step is for the organisation to implement the right security tools and work with a partner that can help get the best results from those tools. With the right security measures in place, it is more difficult for attackers to compromise the organisation.

Ideally, businesses need to choose a security platform, rather than a single solution, which can deliver visibility across the environment and efficiently manage both security and network operations. A security fabric can deliver an integrated solution by linking different security sensors and tools together. 

This provides a more comprehensive and accurate view of the activity, traffic, and behaviour in an organisation’s network in real-time. The security fabric offers end-to-end protection for the network, from endpoint devices to core systems.

The best return on investment in cybersecurity, in terms of both time and money, is that nothing happens. The security fabric approach includes various elements that work together to defend the network, share threat intelligence, expand visibility, and deliver strong security across access, client, application, cloud, and more. 

Instead of trying to pull together information from disparate security tools, then build a picture of what this means for the organisation, a strategic security fabric approach puts all that information front and centre for the security team, and acts to protect the organisation from threats.

A unified management interface that provides cooperative security alerts, recommendations, audit reports, and full policy control across the security fabric will deliver peace of mind that the business’s network is secure.

The alternative is that an attack is successful, in which case the company will have to spend time and money remediating the attack. Even when the technical effects of the attack have been eradicated, the company may still have to deal with reputational damage, and account for lost productivity. Remediation can, therefore, be far more expensive than prevention.

This makes cybersecurity a critical business risk rather than merely a consideration for the IT or security team. Just as organisations strategically plan to mitigate other business risks, cybersecurity should be a key discussion point at the highest levels of organisational leadership.