Yes, companies are beginning to adopt cybersecurity best practices. However, the gap between their progress and that of cybercriminals is still very wide. Is the cybersecurity management of organizations keeping pace with the changes and transformation required?
Currently, cybersecurity is no longer the exclusive responsibility of the CISO and has been integrated into key business processes. With the growing wave of insecurity, it is essential that the entire organization assumes this responsibility. Not just the leaders, or the leader in charge.
While the CISO remains responsible for driving strategy and leading functions, it is crucial that all employees participate and support these initiatives. Any user can become the weakest link in their daily activities, as the following example demonstrates.
Let’s imagine a financial services company.
This company recently suffered a major security breach. Yes, it had a highly skilled CISO who had implemented advanced cybersecurity measures. They had developed a robust cybersecurity strategy and deployed numerous protection tools.
However, the CISO and other IT leaders never created a sense of responsibility throughout the organization. Nor did they foster a culture of awareness about the importance of information security. Employees never received the necessary training to recognize and appropriately respond to cyber threats.
What happened? One day, an employee received a phishing email that looked legitimate. Unsuspecting, they clicked on a malicious link. This allowed attackers to access confidential customer data and compromise the company’s systems. The CISO and other leaders tried to react quickly to the incident, but the damage was already done. As a result, the company suffered significant financial losses and incalculable damage to its reputation.
So, the question is: given this case, do you still think cybersecurity is the sole responsibility of the CISO, or is it shared across the entire organization? In a previous blog, we discussed this. We analyzed whether companies are truly prepared and what actions they should take to combat cybercrime. We invite you to read it for more context.
Returning to the case, the financial services company learned its lesson. From this bad experience, they implemented cybersecurity best practices and a training program for all employees. Additionally, they established clear policies to promote collaboration and shared responsibility in information security.
What is the Cybersecurity landscape?
Although the bank case we highlighted is fictional, we are sure there must be thousands of similar situations worldwide. The landscape is quite concerning. The reality is that progress in strengthening security is a significant challenge. Distrust and uncertainty are growing among organizational leaders and employees.
Cybersecurity incidents are becoming more costly every year. The percentage of those reporting losses of $1 million or more from their worst incident increased to 36%. In 2023, it was 27%. The sense of unease is palpable. Only 5% of IT leaders say they are “very satisfied” with the technological capabilities of their cybersecurity solutions. This means they do not feel fully covered.
Let’s look at the cyber threats that most concern organizations globally. A scenario that clearly highlights the importance of adopting a comprehensive cybersecurity strategy. Among the main concerns are threats related to cloud computing, which can paralyze entire operations, and attacks on IoT-connected devices, which remain one of the most effective ways to capture confidential information.
Are organizations implementing or planning to implement Cybersecurity best practices?
Let’s look at a chart that illustrates the level of commitment of organizations. This analysis identifies the most adopted measures to strengthen their ability to recover from cyber incidents.
It also provides a comparative view of priority cybersecurity strategies in the short and medium term. By observing these trends, one can better understand how companies are adapting to the current challenging environment.
Cybersecurity best practices future challenges
The future challenges are numerous. It would be very difficult to have them all clear and covered. However, according to a Gartner report, one prediction stands out as a critical area of focus.
One of the key strategies is geared towards the implementation of Generative Artificial Intelligence (GenAI). It is considered essential to overcome the lack of cybersecurity skills and reduce incidents caused by employees themselves.
If you want to delve deeper into this topic, we invite you to read our blog “Cybersecurity and GenAI: A Powerful Duo“. In which we highlight how the combination of cybersecurity and GenAI represents a crucial step in protecting an organization’s most valuable assets. Gartner mentions that by 2026, companies adopting GenAI along with security culture and behavior programs will see a 40% reduction in cybersecurity incidents. This trend becomes even more important in the current context, where 14% of security incidents can be attributed to human error.
But we insist. The key to successful execution lies in a properly laid-out strategy. It is essential to achieve effective coordination between IT leaders and other departments in the organization. It is the only way to detect and train talents in the field of cybersecurity. Cooperation is everything.
This requires the implementation of cybersecurity best practices, training programs, and the development of specific skills. Additionally, identifying talents suited for critical cybersecurity roles is essential. Only then can the needs in the prevention and defense against cyber threats be successfully addressed.
Let’s look at how organizations globally are implementing or planning to implement cybersecurity initiatives. Among the highlighted initiatives are the use of managed services in new areas for threat detection and the use of data to quantify risks and allocate the appropriate budget.
In conclusion
The truth is that no country or organization is exempt from cybercrime. All companies, whether well or poorly, are considering effectively addressing threats. But not all in cooperation with all employees. Many leave the issue in the hands of the CISO or a professional knowledgeable in the field.
Our call to leaders is to assume precisely a sense of leadership. To promote collaboration and information exchange among everyone in the organization. This will surely facilitate mutual learning and the identification of best practices to address cyber threats more effectively. You need to be at the center of it all.
This means meeting with leadership teams. Helping them regain confidence so they can overcome the intimidation they may feel about the insecurity we are experiencing. Clearly explain the use of specialized terms like ransomware, phishing, malware, exploit, hashing, among others.
Dare as a leader to talk about cybersecurity in everyday language, without losing the seriousness of the case. Using common language can help you deal with the tensions and chaos that inevitably occur at the heart of innovation. Talk to your customers, investors, and colleagues clearly. Present clear and frequent reports to build trust, inform, and attract.
Speak in the language of confidence. It is the best way to cooperate to ensure that the measures adopted drive, not hinder, business success. Remember that cybersecurity must be adopted as a company-wide effort, not just yours. Ask yourself every day: Shouldn’t cybersecurity stimulate innovations that save money and help grow the business?
Learn more about Interfaz and our sense of cooperation to solve critical issues like cybersecurity. Working as a team, we can help you strengthen your company’s cyber resilience and protect your digital assets.
