Cyber Risk has traditionally been considered a part of operational risk and handled in a conventional manner. With an exponential rise in the number, complexity and business impact of Cyber Incidents, Cyber Security has become a boardroom discussion. The emphasis on having a robust cyber security framework has been underscored by the Cyber Security requirements from the Department of Financial Services (DFS), which apply to Banking, Financial Services and Insurance (BFSI) players.
Companies expect their CISOs and Information Security departments to provide a quantified, organization-wide view of Cyber Security. While cyber risks and threat vectors generally originate from external factors, the Information Security Management team is expected to provide assurance on organizational assets and their exposure to Cyber Risks. To create awareness and keep management informed of the organization's Cyber Posture, it is imperative that a consistent, quantifiable and risk-based model is operationalized, facilitating informed business decisions.
To build a robust model for managing the associated risks, Cyber Security should be approached in an integrated and pervasive way rather than as a set of security tools and implementations.
Critical Success Factors: To be efficient and add business value, the following are pivotal factors for an organization’s Cyber Security Framework:
- Effective communication with, and visibility into, the enterprise IT stack
- Ability to benchmark against industry peers and international standards
- Robust risk models for quantifying and aggregating cyber risk scores
Organizations have to leverage existing frameworks and best practices, combined with future-proof tools, to design and operate a well-rounded Cyber Security Program, rather than focusing merely on complying with the regulations.
Considering the advanced nature of evolving cyber threats, we recommend that organizations take a future-proof approach to establishing and maintaining their Cyber Security Programs. From our perspective, the following are essential for a robust and future-ready Cyber Security Program:
- Artificial Intelligence and Cognitive Computing-based Cyber Analytics models for Threat Management & Analysis
- State-of-the-art Cyber Detection and Response Center with advanced Threat Hunting Capabilities
- Identity and Access Management for Multi-factor Authentication and Role-based Access to non-public enterprise data
- Threat and Vulnerability Management for assessing and remediating vulnerabilities in the Enterprise
- Cyber Risk Score Card and dashboard for consistent reporting of cyber health status
- Governance, Risk and Compliance models for a well-rounded approach to managing cyber risk as a part of the enterprise risk management program