Inventory Your Highest Risks
4 in 10 organizations now take a risk-based approach to cybersecurity.
A risk-based approach moves organizations beyond standard security frameworks and a reactive, compliance-driven mindset. It looks at an organization’s unique goals and operating landscape to identify the most pressing security risks first and develop tailored policies, controls and procedures to mitigate them, before moving on to lower-priority threats.
“It’s about: ‘How is our business at risk? What are the worst types of scenarios that could occur for us?’” de Bont says. “Let’s identify what those [risks] are, and let’s reduce the risk of those events occurring.” That may mean implementing stronger authentication methods for certain high-risk user groups or systems than for others, for example.
To successfully execute this approach, de Bont says organizations need to get their technical teams, partners and suppliers on the same page about setting priorities based on potential outcomes.