A Cybersecurity Wake-Up Call

Though oftentimes not visible, cyber threats exist everywhere—not even fish tanks or baby monitors are safe. In a world where connectivity is ubiquitous and daily items from our TVs to our vehicles have become more digital and data-driven, the avenues for threats have only intensified. Tools like ChatGPT and deepfake technology have made it even easier for hackers and bad actors to infiltrate systems and successfully pull off cyberattacks.

The question is no longer if a cyberattack will occur, but when. Good enough is no longer good enough. The relentless surge in sophisticated cyber threats has cast a glaring spotlight on the imperative for businesses to fortify their defenses, adapt proactive strategies, and foster a resilient cybersecurity posture. Easier said than done, of course, but actions that can have severe consequences if not considered seriously.

The imperative? It’s time for a cyber resilience wake-up call.

Most organizations follow a strict framework and build their cyber resilience framework around meeting compliance requirements. That’s a start, but we see three distinct areas that companies are getting wrong:

• Not pushing the envelope: It's vital to adopt a comprehensive cybersecurity approach, encompassing key controls like endpoint detection, security monitoring, response plans, cyber insurance, and effective training—while prioritizing a full lifecycle vulnerability program to ensure a resilient defense against evolving threats.
• Not choosing the right tools: Organizations should align their cyber budget and spend to the threats that matter most to their company—then learn how to use the tools and track their success against key performance metrics.
• Not thinking strategically about cloud security: Executives must strategically navigate cloud security, considering cloud-native solutions, adapting to consumption models, and anticipating operational changes.

Critical to a cybersecurity overhaul is identifying a strong chief information security officer. If one is already in place, determining that individual’s role and defining expectations and outcomes leads to greater value.

"Sometimes you need someone who is more like a cruise ship captain, not there to make a lot of changes but to keep the train moving, our national cybersecurity lead Deron Grzetich told Dark Reading . “Then there are field CISOs, who are more like evangelists who help solve relevant cyber issues and are more a face of the company. It depends what you're looking for and where you are in your cyber maturity journey."

Organizations that get that wake-up call—like one of the nation’s leading utility company that wanted to better isolate its operational systems in the event of an attack on its IT systems—will be better prepared, reducing the potential for downtime and associated revenue loss.

The National Institute of Standards and Technology (NIST) made significant updates to its Cybersecurity Framework (CSF) last month—specifically in governance and supply chain management, write our cybersecurity experts Sam Flemmer , Scott Crider, MPS , and Sean Murphy, MBA, PMP . A governance model fostering shared responsibility ensures unified and integrated cybersecurity efforts—especially for security teams managing external assets. Safeguarding interconnected operations, prioritizing safety, privacy, and availability in the supply chain involves strategic oversight of third-party providers.

This new framework will have a significant impact across industries, including:

• Utilities, due to their reliance on international components and diverse supplier networks. Managing risks requires continuous monitoring of suppliers, verifying their security measures, and understanding the supply chain through Software and Hardware Bill of Materials. Digital advancements that enhance grid resiliency also leave utilities open to more cyber threats that requires a multifaceted approach, our cyber expert David Chaddock analyzed in our 2024 Energy & Utilities Outlook.We also recently attended #DISTRIBUTECH2024 and heard from utilities that are focused on onboarding new technologies like DER, AI, and other cloud-based capabilities. In particular, utilities are focused on defining the proper security assessment criteria for those offerings and leveraging their security governance programs—to both realize the benefits while improving their security posture.
• Healthcare organizations, for addressing their unique vulnerabilities and safeguarding sensitive patient data from cyberattacks that could compromise privacy and disrupt critical services. Recent attacks on Lurie Children’s Hospital and Change Change Healthcare have underscored the importance of having a resilience plan in place to combat such attacks.
• Implementing NIST CSF 2.0 enhances manufacturers' cybersecurity, ensuring the integrity of systems and data, regulatory compliance, and building trust with customers and partners in a complex supply chain.
• There’s been a significant uptick in cyberattacks in the private equity space, with bad actors targeting portfolio companies that enter the public eye once an acquisition is announced. One of our longest standing offerings—CAPE, led by partner Christina Powers —combines breach investigation, infrastructure recovery, and private equity expertise to quickly identify and address cybersecurity threats before they arise.

In our hyper-connected world, the inevitability of cyberattacks demands a proactive shift toward comprehensive cybersecurity. The imperative is clear: Organizations must embrace measures beyond compliance, align tools strategically, and navigate cloud security with foresight. The recent NIST Cybersecurity Framework updates underscore the importance of shared responsibility, providing a crucial foundation for industries to fortify defenses against evolving cyber threats—in all aspects of business and life.

CSO online | Top 7 weirdest, meanest and dumbest hacks of all time

Cybersecurity Dive | Challenging the ‘good enough’ cybersecurity mindset

West Monroe | Emerging Cybersecurity Threats—and How Organizations Can Fight Back

West Monroe | Developing OT isolation procedures enables utility titan to respond 90% faster to cyberattacks

Dark Reading | Is the vCISO Model Right for Your Organization?

West Monroe | What industry leaders need to know about the NIST Cybersecurity Framework 2.0

West Monroe | Healthcare's cybersecurity wake-up call: A 5-step resilience plan

West Monroe | 2024 Energy & Utility Outlook

West Monroe | Protecting Private Equity Portfolio Companies Against Cyberattacks

World Economic Forum | What does 2024 have in store for the world of cybersecurity?

Healthcare Dive | UnitedHealth suspects ‘nation-state’ behind Change cyberattack

Medium | Cross-Functional Collaboration for Enhanced Cybersecurity

Subscribe to West Monroe’s podcast, This is Digital

Subscribe to West Monroe’s new podcast miniseries, This is AI

Subscribe to West Monroe’s latest Perspectives

Subscribe to West Monroe’s Product & Tech Blog, The Conduit