The various risks of doing business in our digitally connected world continue to evolve. So must the approach organizations take in confronting those risks, for failing to do so in the current risk landscape can be far more dangerous than in prior years.
I spoke with Nick Galletto, Global Cyber Risk Leader at Deloitte, who traced the evolution of the dangers of doing business in a digitally connected world. Early on, our focus in the cyber risk management space was on how to protect websites from being defaced, he explained. Organizations had to make sure websites were functioning properly, that data was secure, and that integrity was maintained.
Galletto went on to say that we’ve moved from an era of compliance and risk management to an era of complexity. From an organization’s perspective, the focus was on making sure the company was compliant with new and evolving regulations, and risk management meant having policies, procedures and effective controls in place.
“While compliance is a necessity, it is not the silver bullet that’s going to protect us from any potential breaches,” Galletto said. “So organizations must look at conducting their business in this connected world not merely from a compliance perspective but from a risk perspective. A clear example of this is the number of PCI-compliant companies that were still getting breached.”
“Now as organizations move into an era of complexity, they need to be proactive in detecting anomalies and suspicious behavior and be prepared so their teams have a playbook that allows for seamless response. Effective organizations will play back possible breach scenarios – whether they involved data breaches or denial of service – to prevent and prepare for similar attacks. They also focus on understanding what their crown jewels are and where they reside and how to best protect them. Much of this also has to do with data,” Galletto said.
“Organizations are increasingly reliant on the cloud and they must understand the associated risks and the individuals responsible for managing those risks,” he said. “They need to be sure they have the right coverage as well.”
“This era of complexity – automation, machine learning, artificial intelligence and the internet of things, along with the tremendous advantages, like the cloud – also brings new risks,” Galletto continued. “As consumers we see use of these technologies more and more in our daily lives. But organizations are increasingly integrating them into their operations. When something goes wrong here there can be actual safety implications, such as with autonomous vehicles or industrial controls in the mining and manufacturing sectors, as examples. In the financial sector these technologies bring great advantages to customers in terms of accessing their information more efficiently or providing better customer support. But as machine learning and AI become more prevalent in the world of FinTech, decisions are being made without human cognitive capabilities to know right from wrong. These new technologies bring more complexity.”
“As organizations take advantage of these innovative new technologies, they also have to know that their risk profile is changing right along with them. Smart companies will be proactive in understanding the risks associated with cyber everywhere, understanding where their cyber posture is and making adjustments along the way to better manage complexity.”
Galletto is one of the speakers at this week’s International Cyber Risk Management Conference in Bermuda, which just kicked off this afternoon with more than 200 professionals in this center of global cyber risk.