March 10, 2022
Contributor: Jordan Turner
Prompted by Russia’s invasion of Ukraine, business leaders need to prepare for heightened risk.
- As Russia’s invasion of Ukrainecontinues, the threat of attacks to critical infrastructure and businesses grows.
- Although security and risk leaders bear the brunt of cyberthreat planning and management, all business leaders must prepare for the heightened risk and increase their organization’s cybersecurity readiness.
- These 10 articles outline many of the key issues.
Given the current climate, it’s vital that executives understand the range of cybersecurity issues — and the magnitude of chaos these attacks can create. Cyberattacks already cost organizations billions of dollars in ransom and lost income every year, not to mention the risk to human lives if critical infrastructure fails.
How organizations think about cybersecurity plays a vital role in business and productivity. This roundup of Gartner articles on the topic offers guidance on ransomware, building a robust security and risk program, and insight into questions from the board.
Whose Job Is It to Manage Cybersecurity? Hint: Stop Pointing at the CIO
Cybersecurity is a business risk, not just an IT problem. And yet many organizations have yet to change their culture of accountability. The CIO or CISO still carry primary responsibility for cybersecurity in 85% of organizations that responded to the Gartner View From the Board of Directors Survey 2022. Take a look at these five questions to get an initial sense of how prepared your business is to share responsibility for cybersecurity with IT. Read the article.
8 Ways You Could Be Inviting a Cybersecurity Attack
There are often systemic and cultural issues between IT and non-IT executives that leave organizations exposed to cybersecurity attacks. All business leaders must prioritize cybersecurity to stay out of the headlines. You can reduce the risk of cyberattacks by addressing these leading causes of failure within your organization. Read the article.
5 Security Questions Your Board Will Inevitably Ask
“But how did this happen?” is just one of a million questions CISOs and security leaders will hear after informing the board of a breach or attack. Boards are increasingly savvy about cybersecurity risks, and directors recognize how important security and risk strategy is to ensuring that the business functions properly. As billion-dollar ransomware stories pile up in the news, these conversations become even more important. CISOs need to be prepared for questions they will inevitably have to answer. Read the article.
6 Ways to Defend Against a Ransomware Attack
Many organizations end up paying massive amounts of money to their attackers, often through cyberinsurance protection, but the long-term effect is likely to be more ransomware attacks. Instead of building ransomware payments into the budget, organizations should focus on preparation and early mitigation. Chief information security officers (CISOs) and other cybersecurity leaders can focus on six actions to prepare for ransomware attacks before they happen — from conducting initial ransomware assessments to enforcing governance and educating users on ransomware response actions. Read the article.
Download now: The IT Roadmap for Cybersecurity
Develop a Security Strategy for Cyber-Physical Systems
Cyber-physical systems (CPS) process more than information; they manage and optimize physical outcomes, from individual processes to entire ecosystems. Protecting against attacks on these systems requires a different approach to risk and security. In a recent Gartner survey, security and risk leaders ranked the Internet of Things(IoT) and cyber-physical systems as their top concerns for the next three to five years. Although attacks on cyber-physical systems are not a new idea, attackers can now use ransomware to halt logistics operations and disrupt physical production. In this world, technologies like drones, smart grids and autonomous vehicles become dangerous targets. Read an article.
3 Planning Assumptions for Securing Cyber-Physical Systems of Critical Infrastructure
Concerns for the security of CPS in critical infrastructure are growing. The risks are significant and real. Attacks can be catastrophic, but may go unnoticed for years as attackers wait to strike. Governments worldwide are mandating more security controls for mission-critical cyber-physical systems. Security and risk management leaders can lean on Gartner predictions to plan ahead for potential risks. Read the article.
Why Critical Infrastructure Attacks Are Everyone’s Problem — Especially Now
Every executive and every business in every country relies on critical infrastructure throughout daily life — like energy, water, healthcare, food and agriculture. Not only are each of these sectors critical to the appropriate functioning of modern societies, but they are also interdependent, and an attack on one can have a direct impact on others. Learn why every business is a target and what CISOs should do to establish resilient business operations in a high-risk environment. Read the article.
4 Metrics That Prove Your Cybersecurity Program Works
When an organization suffers a data breach or other cybersecurity incident, it is not judged by whether it had a low number of vulnerabilities or if it spent enough on security tools. The question is whether it did the right thing based on its budget, size and needs. The following are types of security metrics to include in a dashboard to help prove to key stakeholders, such as regulators, customers and shareholders, that you met the duty of care. Read the article.
3 Actions Help You Train More Cybersecurity Savvy Employees
How many employees completed your last cybersecurity awareness training? How many clicked on your test phishing bait? Employees must be controls that detect and resist social engineering attacks, and it’s up to security leaders to provide them with the information and know-how to better defend against these attacks. Take these 3 actions to bolster the effectiveness of security awareness programs. Read the article.
The Top 8 Cybersecurity Predictions for 2021-2022
“How do we make sure our consumers aren’t physically harmed by rogue agents?” That’s the kind of question security and risk leaders need to predict and plan for in the future. The number and sophistication of security breaches is rising, putting security at the forefront of business decisions. Build these strategic planning assumptions into your roadmap for the year ahead. Read the article.