According to Lloyd’s third annual Global Risk Index – a survey of more than 500 of the world’s most senior business leaders – cyber security has climbed from 12th to 3rd place on the threat scale. Now firmly at the top of the agenda for boards of global enterprises, cybersecurity is third only to the risks posed by high taxation and the loss of customers.
Matt Middleton-Leal, regional director for UK & Ireland at Cyber-Ark, has made the following comments:
“With the risks to global organisations higher than ever, it is clear that cyber security has finally reached the attention of business decision makers across the enterprise – no longer just an agenda item but a key point of discussion. Businesses are at last beginning to understand that the best way to mitigate the threat cyber crime poses, is to approach security from the inside out – with the assumption that your organsiation has already been targeted, or even infiltrated. Companies need to review their strategies and approaches so they are agile and can meet the ever changing threats.
“In recent times, we have seen vast amounts of evidence of the abuse of privileged accounts in advanced cyber attacks. With this in mind, traditional enterprise security infrastructure, including over-reliance on perimeter protections, is in need of an urgent overhaul, and businesses need to be prepared to be breached. The perimeter is important, however it is only one layer of defence and is not capable of warding off advanced threats, or of monitoring unusual activity and intervening once attackers are already on the inside. An organisation must be confident that its corporate networks and data are being managed and controlled in real-time and using advanced analytics in order to keep up with the escalating threat level.
“An equally important component in a successful cyber strategy is training at all levels of the organisation, as a simple mistake can also lead to a potentially disastrous loss of data. Education is particularly important for those in positions of privilege, including employees with access to both technical and business information via these sensitive credentials.
“Decision makers should be taking proactive steps to review their security strategies, ensuring that the layers of defence in place are capable of meeting the demands set by an ever-changing cyber threat landscape.”