5 minute read 27 Oct 2023

    

How simplification can stem cyberattacks
Cyber Perspectives

How organisations can simplify the tech environment to stem cyberattacks

By Puneet Kukreja

EY UK & Ireland Cyber Security Leader

As the EY UK & Ireland Cyber Leader Puneet is passionate about building client centric, growth focused high-performing delivery organisations which are engineering led and powered by managed services.


Bolstering cyber defenses with new technologies may have the opposite effect due to added complexity.

In brief
  • Expanding attack surfaces mean organisations need to ensure supply chains measure up on cybersecurity.
  • Building a company-wide culture of cyber vigilance is essential to reduce human error.
  • Cybersecurity must be viewed as a potential value creator rather than an inhibitor and constraint on activity.

The EY 2023 Global Cybersecurity Leadership Insights Study revealed that C-suite leaders are grappling with a growing range of present and anticipated threats. Organisations are facing an average of 44 significant cyber incidents a year, and detection and response times are slow with three-quarters of respondents taking an average of six months or longer to detect and respond to a cyber incident. Meanwhile, ransomware costs are forecast to reach US$265 billion by 2031, up from US$20 billion in 2021¹.

The survey also revealed how companies can strengthen their cybersecurity by emphasising simplicity, holistic thinking and the integration of cybersecurity considerations across the organisation.

Simplification of tech landscape imperative

Interestingly, the more cybersecurity solutions an organisation adds, the more complex the environment becomes: each new tool brings its own console, data format and alert stream, and the signals associated with a cyberattack or breach become harder to pick out from the noise. Simplification of the technology environment is therefore key.

Organisations that consolidate technology onto a single platform and reduce the number of vendor products ease integration and help their security teams spot incidents more efficiently, because there are fewer places to look and fewer formats to reconcile.

The most effective Chief Information Security Officers (CISOs) simplify their technology landscape, emphasise automation, and communicate effectively across organisational tiers.

The transition to cloud computing at scale and the Internet of Things (IoT) have increased openings for cyber breaches. 53% of cyber leaders agree that there is no such thing as a secure perimeter in today’s digital ecosystem.

Cyber complexity requires simplification, and this demands a close examination of the technology and services stack.

In today's digital landscape, the intricacy of cybersecurity challenges has reached unprecedented levels. To effectively mitigate these risks, organisations and governments must start by simplifying the technology and services stack.

One critical area of vulnerability is the supply chain: every Irish organisation is now inextricably and digitally linked to the businesses in its supply chain. Organisations that manage cyber threats more effectively, and therefore suffer fewer cyber incidents, are almost twice as likely to be highly concerned about the risks the supply chain poses. CISOs in Ireland need to streamline their organisation's supply chains so that they have continuous visibility into the resilience of their vendors, not a one-off snapshot taken at onboarding.

Organisations cannot assume that the cloud provider is handling all cyber risks. Cloud security is a shared responsibility: the provider secures the underlying infrastructure, but the customer remains responsible for how it configures the services it consumes, how it manages identities and access, and how it protects its own data.

Embed cybersecurity into workforce’s psyche

Cybersecurity awareness and vigilance needs to be embedded throughout the organisation. This requires buy-in from senior leaders and close communication between CISOs and the C-suite. Organisations that have cybersecurity operations embedded with core business priorities and strategies have higher odds of experiencing fewer incidents. The most effective CISOs translate the cybersecurity narrative into a storyline that resonates in terms of risk reduction, business impact and value creation.

The wider workforce remains a priority. Human error continues to be a major enabler of cyber breaches. Weak compliance with best practices outside the IT department was the third biggest internal challenge identified in the survey.

Only half of cybersecurity leaders say their cyber training is effective, and just 36% are satisfied with non-IT adoption of best practices.

This raises questions on how effective this training truly is. Being brilliant at the basics should be the focus.

Organisations need to simplify best practices asked of the workforce and create guardrails in their processes to limit risk rather than rely on compliance. Making cybersecurity second nature by embedding it into the psyche of every person in the organisation will help ensure more effective training and adherence.

Talent is a recurring challenge as the cybersecurity skills gap continues to grow. Upskilling is a key focus for most organisations in the study. Leaders in this space are prioritising recruiting or reskilling workers not currently in the cybersecurity field to bridge the gap. These non-traditional hires can emerge from a range of backgrounds, including functional areas where automation has reduced workloads significantly, such as finance and general IT. Leading organisations are also more likely to outsource additional functions and capabilities to third-party specialists in the future.

Finally, cybersecurity is not just about asset protection. Done well, it can also support and accelerate innovation and value creation across the enterprise.

The best organisations weave cybersecurity into the fabric of the firm, shifting it from inhibitor to value driver. Cybersecurity can generate value by improving an organisation's pace of transformation and innovation and its ability to respond to market opportunities.

Cyber secure organisations win greater trust from customers and suppliers who will be more confident doing business with them.

With threats increasing steeply, Irish organisations need to take a step back and view their cyber defences holistically. Simplification will make it easier to detect threats and breaches, while a broader view will take in the supply chain, which is becoming a key vulnerability. CISOs also need to communicate the cyber agenda more effectively to build a culture of cyber awareness throughout the organisation.

Summary

In an age where connectivity and interdependence are paramount, it is crucial to streamline systems and processes. This begins with a thorough understanding of the technology infrastructure - from the software and hardware in use to the services and applications that power operations. Identifying redundancies, eliminating outdated components, and consolidating where possible can significantly enhance security.

Moreover, a critical aspect of this simplification process is understanding the role of third-party relationships, especially in terms of third-party risk, fourth-party risk (the suppliers of your suppliers) and, in particular, review of risk models for Hardware and Software Bills of Materials (H&SBOM). As organisations and governments share data and services across their supply chains, it is vital to gain transparency into how this data is protected at every level. Simplification, in this context, means creating clarity within complex supplier networks.
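As an added illustration of the third-party versus fourth-party distinction and of an SBOM review, the script below is example code written for this page, not EY tooling or any vendor's product. It walks a CycloneDX-style SBOM (the component names, suppliers and the supplier register are all constructed sample data) from the root application, classifies each component as third-party (a direct dependency) or fourth-party (reached only through another supplier's component), and checks every supplier against a hypothetical internal register with a one-year review window.

```python
"""Classify SBOM components as third- or fourth-party and check their suppliers.

Constructed example for illustration; the SBOM content, supplier names and
register are invented, and the register layout is a hypothetical one."""
import json
from collections import deque
from datetime import date, timedelta

# Constructed sample SBOM in CycloneDX 1.5 JSON layout (not a real product).
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "app", "name": "payments-portal",
                               "version": "2.3.0"}},
    "components": [
        {"bom-ref": "lib-a", "type": "library", "name": "web-framework",
         "version": "4.1.0", "supplier": {"name": "Vendor A"}},
        {"bom-ref": "lib-b", "type": "library", "name": "json-parser",
         "version": "1.9.2", "supplier": {"name": "Vendor B"}},
        {"bom-ref": "lib-c", "type": "library", "name": "crypto-shim",
         "version": "0.3.1", "supplier": {"name": "Unknown Maintainer"}},
        {"bom-ref": "fw-1", "type": "firmware", "name": "nic-firmware",
         "version": "7.0", "supplier": {"name": "Vendor C"}},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["lib-a", "fw-1"]},
        {"ref": "lib-a", "dependsOn": ["lib-b"]},
        {"ref": "lib-b", "dependsOn": ["lib-c"]},
        {"ref": "lib-c", "dependsOn": []},
        {"ref": "fw-1", "dependsOn": []},
    ],
})

# Hypothetical supplier register: supplier name -> status and last assessment date.
SUPPLIER_REGISTER = {
    "Vendor A": {"status": "approved", "last_review": "2023-09-01"},
    "Vendor B": {"status": "approved", "last_review": "2022-01-15"},
    "Vendor C": {"status": "approved", "last_review": "2023-10-01"},
}
REVIEW_WINDOW_DAYS = 365


def dependency_depths(sbom):
    """BFS from the root component. Depth 1 = direct dependency (third-party),
    depth > 1 = transitive dependency (fourth-party). Shortest path wins, which
    also stops the walk from looping on cyclic dependency graphs."""
    root = sbom["metadata"]["component"]["bom-ref"]
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    depths = {root: 0}
    queue = deque([root])
    while queue:
        ref = queue.popleft()
        for child in edges.get(ref, []):
            if child not in depths:
                depths[child] = depths[ref] + 1
                queue.append(child)
    return depths


def assess_sbom(sbom_json, register, as_of, window_days=REVIEW_WINDOW_DAYS):
    """Return one finding per component: its tier, supplier and review status."""
    sbom = json.loads(sbom_json)
    depths = dependency_depths(sbom)
    cutoff = date.fromisoformat(as_of) - timedelta(days=window_days)
    findings = []
    for comp in sbom["components"]:
        ref = comp["bom-ref"]
        supplier = comp.get("supplier", {}).get("name", "<none>")
        depth = depths.get(ref)
        if depth is None:
            tier = "unreachable"        # listed but not linked to the root: SBOM inconsistency
        elif depth == 1:
            tier = "third-party"
        else:
            tier = "fourth-party"
        entry = register.get(supplier)
        if entry is None:
            status = "unregistered"     # nobody has assessed this supplier at all
        elif date.fromisoformat(entry["last_review"]) < cutoff:
            status = "stale"            # assessed once, but not within the window
        else:
            status = entry["status"]
        findings.append({"ref": ref, "name": comp["name"], "supplier": supplier,
                         "depth": depth, "tier": tier, "status": status})
    return findings


def needs_action(findings):
    """Component refs whose supplier is not currently approved."""
    return sorted(f["ref"] for f in findings if f["status"] != "approved")


if __name__ == "__main__":
    for f in assess_sbom(SAMPLE_SBOM_JSON, SUPPLIER_REGISTER, "2023-10-27"):
        print(f"{f['ref']:6} {f['tier']:13} {f['supplier']:18} {f['status']}")
    print("action needed:", needs_action(assess_sbom(SAMPLE_SBOM_JSON, SUPPLIER_REGISTER, "2023-10-27")))
```

The point the walk makes concrete is that the riskiest component in the constructed data, crypto-shim from an unregistered maintainer, is three hops from the application and would never appear in a review that only looks at direct vendors; the stale entry for Vendor B shows why the text insists on continuous rather than one-off vendor visibility.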

By simplifying the technology stack and by enhancing visibility into third-party interactions, we can better navigate the evolving cyber landscape, reduce vulnerabilities, and bolster our cybersecurity defenses.
