EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Digital transformation can expose organizations to greater cyber threats, but hiring people with diverse mindsets can help rethink risk.
When the SolarWinds breach and Colonial Pipeline ransomware attacks made headlines for weeks in 2021, many enterprise leaders turned to evaluate their own organization’s cybersecurity efforts. While a majority of businesses have increased investments in cyber over the past 15 years, making a safer enterprise is not just about adding dollars — it’s about a mindset shift.
Cybersecurity is more than a technical problem, says Shawn Henry, President of Services and Chief Security Officer at CrowdStrike: “Cyber needs to be addressed as an enterprise business risk by every organization; it’s got to be front and center.”
Digital transformation means more risk
As organizations undertake digital transformation and adopt more and more technologies, such as the cloud or the internet of things, they expose themselves to much greater risk. “There’s a balance between security and convenience; you can’t have both 100%,” Henry says.
Threat actors have different goals
Organized crime groups target organizations from a financial perspective, whereas nation-states, which are well-sourced and well-funded, primarily conduct electronic espionage. So-called “hacktivist” groups target entities based on their social or political agenda. The toughest to defend against are insiders, who pose a high risk due to their knowledge of the organization.
Practical steps have big benefits
When was the last time your organization conducted a cybersecurity drill? Many businesses perform them either very infrequently or not at all. Drills are relatively inexpensive to do, and always less expensive and less time-consuming than a breach. It doesn’t pay to ignore them.
“I think the cyber threat is a lot like the five stages of grief,” says Jason Bliss, Executive Vice President, Chief Administrative Officer at SolarWinds. “Everybody goes through denial, anger, bargaining, and no one can get to acceptance. And so there’s a lot of bargaining going on right now.”
Cybersecurity talent needs diversity
Cybersecurity hires have been very much a monoculture — not just in terms of gender and race, but also in mindset. As cybersecurity professionals take on business roles that require lateral, expansive thinking, organizations need to broaden what they look for. It’s a good idea to bring in people with diverse thinking and different backgrounds, and to look beyond technical certifications.
Summary
Securing an enterprise against cyber risk requires more than increased investment, according to attendees at a recent EY workshop. Understanding the risks of digital technologies and the goals of hackers, alongside practical drills and diverse hiring, can make a difference.
