Get Your Cyber Security Plan In Place Now
As many more businesses are moving online as part of the process of digital transformation, so cyber crime like data theft, phishing emails and ransomware is increasing. Furthermore, the COVID-19 pandemic has pushed many businesses with immature IT and security processes online and into the cloud, where they sometimes make mistakes that can leave them victim to criminal hacking groups.
The cyber security industry has reached a critical point with the increasing sophistication of cyber criminals.A strong cyber threat intelligence strategy and planning program is more relevant than ever to all organisations and now is the time to plan your cyber strategy for 2021.
In the 2020 annual SANS Cyber Threat Intelligence Survey about 50% of respondents reported having a dedicated team of employees focused on cyber threat intelligence. Nearly 61% said they relied on a mix of in-house personnel and third-party providers to fulfill their threat intelligence needs, up from 54% a year ago, while a small slice, about 8%, said a single employee was assigned to the task.
Despite increased perceptions about the value of cyber threat intelligence, many businesses and industries with less mature security programs still struggle to define what it actually means to them, which capabilities to incorporate, and how to do the ground level planning necessary to support the telemetry and technological tools they put in place.
Part of the reason some businesses can struggle to incorporate cyber threat intelligence is because the term itself is widely misunderstood. While there are certain fundamental issues, like monitoring one’s own internal telemetry for malicious behavior, the phrase is often used as a collective term of quite different tools, processes and analyses that can be used to track and respond to security threats.
Much of the business world is still grappling with how cyber security has become vital to the integrity of their operations.
For a business to determine which slices they might need requires documentation, gathering intelligence requirements and engaging with various stakeholders throughout the organisation. The SANS 2020 survey found some progress along this front, with 43% of respondents reporting that they have taken steps to formally document their intelligence requirements, up from just 30% who said the same a year ago. Scoping out those requirements in human terms is important.
The reality is that while some cyber security threats and defensive capabilities are universal, the vast majority of organisations will derive value from just a small fraction of threat intelligence activities.
As cyber security becomes a strategic priority, the CISO role needs to evolve to match its influence within an organisation.
In some PWC research it was shown that more than a quarter (27%) of UK organisations said the CISO's primary role should be as a transformational leader. This compares to 20% among global respondents.
The transformational CISO needs the ability to lead cross-functional teams to create agile, forward-thinking security operations that can support an organisation's strategic transformation goals. In contrast, just 15% of UK respondents said the CISO should primarily be an operational leader and master tactician compared to 20% globally.
SANS: PWC: SC Magazine: Cyber Leaders Unite: Image: Unsplash
For help with your cyber planning strategy please contact Cyber Security Intelligence for advice and recommendations on defining an effective Cyber Strategy Plan.
You Might Also Read:
Critical Cyber Security Threats & Solutions For Business: