The numbers are in, and it’s not great news: it now takes companies 206 days on average to detect a data breach. Research firm Ponemon suggests companies aim for internal detection within 100 days or less, which keeps costs “down” to just $6 million. Push past that 100-day mark and costs ramp up to almost $9 million.
The challenge? More than 75 percent of companies asked said they don’t have a formal cyber security incident response plan (CSIRP) that’s applied consistently across their organization. It’s no surprise, then, that 57 percent of respondents said it now takes longer to resolve a breach and 65 percent noted the severity of attacks increased.
So what’s the disconnect? Organizations and IT pros know the value of improved cyber resiliency and company-wide policies, and the outcomes speak for themselves. But they also face the specter of cyber security fatigue: piece after piece posted with best practices to follow and rules to implement that simply aren’t feasible day-to-day. Here are four fresh strategies to help boost cyber resilience.
Lose the Lockdown Mindset
Technology is now a critical factor in employee satisfaction — as noted by Digitalist Magazine, 82 percent of staff under age 34 consider their prospective employer’s tech environment before taking a new job. And for 42 percent of those asked, poor technology implementation and availability could make them quit.
What does this mean for organizations? Despite years of being told to “lock down” IT tools and services to boost cyber resiliency, this strategy has the opposite effect. Why? Because day-to-day tasks now require a combination of mobile tools, cloud-based services and public web searches. Attempting to curtail employee access for security purposes not only prompts turnover but can impact business performance.
The better bet? Lose the lockdown mindset. Instead, focus on tools and services that offer granular, real-time end-user monitoring for total endpoint visibility.
Security by Design: Just the Start
Security by design has become a hot-button topic for many organizations thanks to the rapid uptake of mobile and IoT devices, many of which are insecure by default. The good news? Security by design is making headway, with many new services carrying embedded security tools such as encryption, strong authentication and automatic backups.
But it’s not a guarantee. Consider: new cars come with a host of safety features which — by design — are meant to protect occupants. If the car is driven recklessly, however, or these features aren’t regularly maintained, their ability to safeguard passengers goes up in smoke.
The same is true for security by design. Improving cyber resilience means recognizing this development as a starting point. Sustainability is now critical; this includes open lines of communication with staff, regular training on new policies and the recognition that security is always evolving.
Don’t Fight Gravity
Security recommendations often sound good on paper but are impossible to enforce in real life. Why? Because they make life more difficult for employees, who simply circumvent any restrictions. The result? Better cyber resiliency means accepting the consumerization of IT tools and employee expectations: factors such as fun, ease-of-use and “coolness” all play a role in how staff interact with technology services.
To improve resiliency in the new digital age, companies can’t fight the pull: employee experience trumps restrictions. With the right tools in place, IT pros can see what’s happening, when, and why, and take steps to respond immediately. This might mean solving user problems before they need to call IT, or detecting insecure activity before it compromises corporate networks. Either way, the effect is to both define and improve the end-user experience.
Shine a Light
Shadow IT remains a problem. CSO Online notes that business users drive 38 percent of technology purchases because they’re willing to circumvent IT rules and leverage cloud or mobile services to get their job done, even if it leads to increased security risk.
Common advice here tells companies to “control” shadow IT, but that often means placing arbitrary restrictions on IT services which users simply ignore. Another option? Implement digital experience management (DEM) tools that help discover where users are frustrated, then loop staff into the conversation and ask their opinion. Reliable end-user data makes it possible to design secure tools and services that both meet employee needs and boost cyber resiliency.
There’s a ton of security advice out there, but most is just a rehash of old policies that don’t really work. Want to improve cyber resiliency in the real world? Lose the lockdown, sustain security, go with the flow and shine a light on shadow IT.