ADVERTISEMENT

Make cybersecurity a strategic priority, before it’s too late

A study explores the response of companies to the NotPetya attack, and offers a strong insight into how to prepare and respond to cyberattacks.

Cybersecurity technologies
Adi Gaskell
Adi Gaskell Contributor
Sep 28, 2021 3 min read

Winners prioritize cybersecurity

Cyberattacks, and their impact, are not something that is confined to the IT department, but rather something that affects the entire business.
ADVERTISEMENT

Investing in cybersecurity

Arguably the most important strategic benefit accruing from investment in cybersecurity capability is through its ability to help the organization to learn and develop new opportunities.

Developing organizational resilience

  • Protecting the business. Traditionally cybersecurity efforts have focused on protecting the IT infrastructure, but while this is undoubtedly important, the researchers urge executives to broaden their focus to encompass the entire business, under the belief that attacks are an inevitable part of doing business in the modern world. As such, a layered approach that protects more of the key business processes is required.
  • Broadening awareness. Too often, executives look purely internally for cyber threats. The researchers urge instead to broaden their horizons and look outside the company to understand the threat landscape. Only then can a comprehensive strategy be developed. This is where sharing information of attacks can be so crucial as it raises awareness across the industry as companies learn from each other.
  • Managing the consequences. Just as before, dealing with the consequences of a cyberattack should not be purely viewed as an internal matter. Customers, suppliers, regulators, and financial markets are all likely to be affected, and will need to be managed and communicated effectively with. Being open and transparent is nearly always the best approach.
  • Responding and recovering. To respond effectively requires a detailed understanding of the capabilities of the organization. It’s vital that response plans should always strive to make resilience better than it was before, and further position cybersecurity as a value generator rather than a cost center.
ADVERTISEMENT