5 cyber must reads for the weekend

We keep our ear to the ground for the interesting stats, insights and discussion points you need to feel in the know.?

A major cyber risk? The complexity of your technology stack?

84% of organizations are adding two or more new technologies to their existing suite of cybersecurity solutions, according to a 2023 EY cybersecurity survey. But ironically, it’s the very scale and complexity of security measures that now pose the greatest threat to efficient cybersecurity. Why? The more cluttered the technology environment, the harder it is to pick up signals and get on top of issues quickly. By adding more cybersecurity tech, you’re effectively maximizing the attack surface that hackers can exploit. So now more than ever, it’s time to simplify. Organizations that do face fewer incidents, respond faster, and are better prepared for future threats. So where should businesses start? “Organizations should review legacy systems that are duplicative or poorly integrated,” says Richard Watson, Global & Asia-Pacific Cybersecurity Consulting Leader at EY. Simplifying could also generate cost efficiencies...?

Cyber risk: Achieve security through simplification ?

?

Too many attack surfaces? ?

With the transition to cloud computing?and the Internet of Things (IoT) have increasing openings for cyber breaches, 53% of cyber leaders believe there is no such thing as a secure perimeter in today’s digital world. Most dangerous of all are supply chains, responsible for 62% of system intrusion incidents in 2021, according to 2022 Verizon research . Against this backdrop, it’s not surprising that “too many attack surfaces” was the most cited internal challenge to organizations’ cybersecurity approach in new EY research. Three in four respondents ranked cloud and IoT as the biggest technology risks in the next five years. Through cloud adoption in particular, attack surfaces have increased exponentially.?Companies can’t assume that all their cyber risks are being handled by the cloud provider; cloud security is a shared responsibility - especially when it comes to identity and access. Richard Bergman, Partner at EY, Global Cybersecurity Transformation Leader, tells us how true resilience can be achieved.

Mastering the cybersecurity attack surface ?

?

The cyber workforce challenge?

Talent is a challenge within the cyber workforce and upskilling is the main focus?for most organizations, according to the latest EY Cybersecurity Leadership Insights Survey. But successful firms are approaching this challenge creatively. In fact,?they are twice as likely to be prioritizing recruiting or reskilling workers not currently in the cybersecurity field. But where are they hiring from? A range of backgrounds, from finance to general IT, and from nontraditional backgrounds including apprenticeships. But that’s not all. Organizations can benefit from crafting roles to coordinate business and cyber teams too. For example, a “consulting” capability acts as a liaison between cyber teams and the wider business by understanding what is needed?and ensuring cybersecurity is incorporated into business plans. “Some companies are experimenting with a “pod” approach in which a team of cyber consultants manages a “lift and shift” process into the organization over a period of six or nine months where they might run a secure development cycle, training the relevant personnel and then move on. This can infuse new skills and allow the in-house team to learn by doing” writes Richard Bergman, EY Partner – Global Cybersecurity Transformation Leader. But that’s not all. ?

How cyber leaders talk business ? ?

Cybersecurity is not just about asset protection?

….done well, it can support and accelerate innovation and value creation across the business. So, what are successful businesses doing differently when it comes to cyber? “From our EY clients, we have seen the best organizations have cyber weaved into the fabric of the firm. Making cyber integral to every part of the organization and operating model shifts the function from an inhibitor to a value driver” says Richard Watson, EY Global and Asia-Pacific Cybersecurity Consulting Leader. These businesses are much more likely to say their cyber approach positively impacts the organization’s pace of transformation and innovation compared to their lower performing counterparts (56% vs. 25%), according to the 2023 EY Global Cybersecurity Leadership Insights Study. And that’s not all. They’re also able to rapidly respond to market opportunities (58% vs. 29%) and focus on creating value rather than protecting value (63% vs. 42%). Richard shares more in his latest article.?

How cyber-secure organizations create value ?

?

Curbing the threat? ?

Just 40% of boards are very confident that they understand the biggest cyber risks facing their organization, according to the latest EY Global Board Risk Survey. This risks substantial damage to stakeholder trust - and financial performance. But the board’s job isn’t to be experts, but to make sure the organization is balancing speed of tech adoption with exposure to risk.?“Boards frequently hear of revolutionary new technologies that promise to reshape whole industries, some of which are overhyped, and some of which carry real potential,” says Edwina Fitzmaurice, EY Global Chief Customer Success Officer. “While it’s difficult to know how to respond given the speed of new developments, boards should be prepared to make an informed call on what’s right for the business.” To increase resilience, cyber risk should be established as a company-wide concern. This could include adding cyber risk to the agenda of every board meeting, inviting a third party to assess the organization’s cyber risk management program and mandatory all-employee training.?

What if the difference between adversity and advantage is a resilient board? ? ?

If you do one thing:?

Remember to update your passwords regularly.?Protect yourself online.

Don’t miss a must read, find all the issues of the weekly must reads newsletter by EY on LinkedIn here .?