Story image

How business leaders must prioritise cyber risk - Palo Alto Networks

13 Mar 2019

Article by Palo Alto Networks CIO Naveen Zutshi

With today’s SecOps teams continually confronted with new cyber threats, cyber risk prioritisation is becoming more fundamental to successful protection.

Here are some of the things cyber and business leaders need to do to make this a reality.

Too many alerts?

Those responsible for securing their organisation’s networks must process a huge volume of security alerts every day.

Often these are generated by multiple cybersecurity tools and systems, complicating how teams can assess and derive actionable insights from the data.

Although it is vital teams are notified of vulnerabilities and threats, there is a considerable risk of alert overload.

Put simply, too many alerts of minor problems can affect an enterprise’s ability to quickly and easily prioritise and respond to what’s most significant.

Prioritising threats ensures organisations are taking a logical approach to cybersecurity, focusing their time and money on the most pressing dangers.

Deciding what not to do

Organisational heads are paid not only for the decisions they take on what to do, but they also have a responsibility in deciding what not to do.

Departments must compete against each other for the best cyber protections and resources.

While it’s hard to argue any department doesn’t deserve anything less than watertight defences, assigning everything with the same level of top priority is not viable.

For leaders to determine different priorities, there needs to be a large-scale cybersecurity cost-benefit analysis, free of bias from any one individual or team.

C-level employees should carefully assess the potential damage of each cyber attack scenario to establish Tier One, Tier Two and Tier Three priorities.

Priorities within each tier also need to be agreed and communicated organisation-wide so there is no mistake about where additional resources are required for the overall health of the company.

Data on employees and customers are the crown jewels of any organisation and so must come first.

If those are compromised, an organisation may not recover.

Once an agreement is reached, don’t set this the list in stone.

The threat landscape is constantly changing and adaptation is key to business survival.

While a business’s overall strategy isn’t likely to change very often, the techniques of its hackers often do, so business and cyber leaders must be ready to revisit their list of priorities in light of new threats and make changes to their defence systems where necessary.

Trust your cybersecurity team

The C-suite should trust their cybersecurity personnel fully in their abilities until they give them a reason not to.

Everyone should be held accountable for their actions, but organisational heads should make sure they are all on the same page with regards to what is expected of them, through clear and regular communication.

It is not just the health of organisations that depend on prioritisation, it is also the health of employees who are working on the frontline of cybersecurity prevention and risk management. Avoid loading up employees with too many work-in-progress items – make sure everyone is on the same page about what’s most important.

It’s not realistic for every task to marked as urgent and critical.

In fact, it can become demotivating for staff in achieving their goals for the organisation.

If staff are juggling too many things and not finishing the tasks that are actually the most important, their productivity will erode and their work satisfaction will, too.

New Zealand Govt announces cloud framework agreement with SAP
“Data-driven solutions are the most powerful way to solve some of society’s most pressing problems."
What is a kilogram? Lower Hutt holds its own weight on a global scale
Forget the old ways of measuring a kilogram – quantum physics is going to be the driver of massive change in the way we look at some of the most common forms of measurements.
How digitisation delivers speed to Porsche service documents
With its Service Department drowning in paperwork, Giltrap Porsche looked to Fuji Xerox New Zealand and its DocuShare Flex cloud document management solution for digital answers.
Govt & Canterbury Uni pour $7m into gaming research
The funding will be used to boost the University of Canterbury’s Applied Immersive Gaming Initiative, which will research and accelerate public use of immersing gaming applications.
This Feilding school has just won an international robotics award (again!)
“In typical Kiwi fashion, our students think laterally to solve challenges, build prototypes, test and retest until they have a working model. All on their own time and all with their own ideas."
Adobe & Software AG transform customer experience management
Adobe and Software AG have announced a partnership that will help businesses transform their customer experience management.
Chch crypto exchange Cryptopia facing liquidation
It seems that Christchurch-based cryptocurrency exchange Cryptopia has been unable to recover after malicious cyber attackers stole around $20 million worth of cryptocurrency.
Adobe & Amazon: Making merchants' stores a lot more powerful
Magento Commerce branded stores for Amazon sellers features native integration with Amazon merchant tools including Amazon Pay and Fulfillment by Amazon. These provide the convenience of secure payments and speedy shipping services for buyers.