Responding innovatively
at par with the rest of the world. For not victims, many have likely been compromised without knowing it.
As cyberattacks continue their rampage throughout the global business ecosystem, many organizations should assess their ability to respond to this challenge in the - ing and protecting the assets that are most essential to the business; their industry and their business; effectiveness of existing processes situational awareness to detect and - veloping cross-functional incident response plan for effective crisis values and behaviors to create and promote security effectiveness.
Conversations around these six areas would naturally lead organizations to establish their cybersecurity program and capabilities that hinge with the overall business objectives, risk appetite and tolerance levels. Mature organizations would have started their cybersecurity program fairly early on in their business with a stance on continuous risk assessment, making them resilient to cyberattacks. For less cyber-resilient entities, much of their focus would be on the incident response front as there is an increased expectation of cyberattacks being a “when” and not an “if.”
In the said survey, only a third of Philippine organizations have an incident response plan, trailing behind its regional and global counterparts. Where there is an incident response teams without adequate intervention or support from senior management and other key players. Cybersecurity is a shared responsibility that requires cross-functional disciplines. However, the composition of response teams is - ly affecting the handling of breaches.
take a look at several innovative ways organizations are implementing globally to respond to rising cyber State of Information Security Survey by PwC, and the CIO and CSO magazines, many organizations are incorporating strategic initiatives such as adopting a risk-based security framework, making use of cloud-based cybersecurity, formally collaborating with others, leveraging big data analytics and investing in cybersecurity insurance.
Adopting a riskbased cybersecurity framework
The vast majority of organizations that took the survey have adopted a security framework, or a combination of frameworks, that have provided productive results in terms of identifying and prioritizing risks, assessing the maturity of their cybersecurity practices, and allowing them better internal and external communications.
Harnessing the power of cloud- enabled cybersecurity
Over the years, cloud providers have steadily invested in advanced technologies for data protection, privacy, network security and identity and access management. Many have added capabilities that allow them to enhance threat intelligence gathering and modeling, better block attacks, improve collecting learning and accelerate incident response. For these reasons, most survey respondents said they use cloud-based security services to help protect sensitive data and strengthen privacy.
The big impact of Big Data
A growing number of organizations are taking advantage of Big Data analytics to monitor for internal and external cybersecurity threats, improve their ability to quickly identify and respond to security incidents, have better understanding of user behavior, and expand visibility into anomalous network activity.
Partnering up to sharpen cybersecurity intelligence
Over the past three years, the number of organizations that embrace external collaboration sharing and receiving information from industry peers, Information Sharing and Analysis Centers - forcement, and improved threat intelligence awareness.
Cybersecurity insurance
No amount of information sharing and advanced cybersecurity technologies can make systems foolproof against cyberattacks. purchasing cybersecurity insurance of cybercrimes when they do occur. Another benefit in getting cyber insurance is improving the understanding of their cyber-readiness.
These initiatives may seem ad if local companies have started adopting similar means to manage cyber risks. Where implementing innovative cybersecurity initiatives is far off, businesses can invest in core safeguards to better defend their ecosystem against evolving threats such as having an overall information security strategy, employee training and awareness program, security baselines/ standards for third parties, having a conducting threat assessments, and active monitoring/analysis of security intelligence.
- come apparent here, it is the reality that cyberattacks are here to stay. As technologies evolve and adversaries sharpen their skills, how can businesses prepare the risks of tomor - ently uncertain and continually changing. Organizations should consider assumptions in preparing for cybersecurity over the next
The digital age we are living in now is creating a greater avalanche of data that can be collected, analyzed and potentially compromised. Our lives and business will increasingly become digitized. The Internet of Things will release a flood of machine-to-machine information that will highlight the importance of strong encryption. Threat actors are likely to produce attacks that are even more technologically sophisticated. Assaults by nationstates will become more aggressive and possibly lead to cyberwarfare.
This future may or may not unfold but it is vital for organizations to think ahead and anticipate possible scenarios to develop a strategy for cyber-resilience. Doing so will enable businesses accelerate their cybersecurity program that is based on the right balance of technologies, processes and people skills with an adequate touch of innovation.
To help organizations learn more about innovative ways in responding to cyber risks, PwC is holding a Cybersecurity and Privacy forum soon. Email menen. miranda@ ph. pwc. com for details.