As ransomware like WannaCry and Petya make headlines, securing the digital enterprise has become a top priority for companies. But to understand the risks of the digital world, organizations need to know where they are on their cybersecurity journey, according to a recent cybersecurity report released by communications company BT and consulting firm KPMG. The report, titled "The cyber security journey -- from denial to opportunity," details the five stages that businesses go through when managing their security risks and offers recommendations to overcome the challenges in each of those stages.
In this Q&A, Kate Kuehn, head of security practice at BT in the Americas, talks about the key takeaways from the report, explains why companies should focus on implementing cybersecurity basics and sheds light on how collaboration can help create robust solutions for managing digital risks.
What is the key takeaway from the report?
Kate Kuehn: For me, the report was really a call back to the basics in a world where we talk about a digital revolution, about the fast pace of change and about how companies are really transforming. If you think about the idea of digital enterprise, digital business, digital consumer, digital employee and how we communicate and what we go after as an organization -- these are all changing almost at the speed of light, and security, to keep up, has to be simple. We have to think of it almost as a security 101 type of model.
Having a contingency plan, educating staff and refreshing training regularly, having up-to-date security policies, making sure security is regularly backed up, making sure we have strong passwords and security software is being updated, are all important. These all seem very basic, but the reality is a lot of companies are struggling with keeping up with these security 101s.
The report was kind of a refreshing call to arms that we have to get back to a simple model and think of security as almost building blocks, the puzzle that has to fit together holistically to keep an organization safe.
How can companies ensure that they get the cybersecurity basics right?
Kuehn: The cybersecurity basics really fall into a couple of categories. One, it's a deep understanding of your organization's assets. Do you understand what's actually in your environment? With shadow IT, with the partner ecosystem today and with migration to the cloud, pure asset management is one of the easiest ways for companies to start to lay their foundation of good security.
Second, do you understand your stake? What I mean by that is what should you be protecting? Out of those assets, what are the crown jewels? Many times, what companies spend money protecting is unprotectable.
Third is the hygiene level: How is the enterprise laid out? Do you have a flat network? Where did you have your forced points of entry? What type of assessments are you doing? Are you actually executing steps to ensure that as your environment changes and adapts, your security posture is adapting with it?
How can the CISOs partner with CIOs and work toward managing digital risks?
Kuehn: Security is something that organizations have to look at collectively. It has the power to make or break an organization's efforts in digital transformation. It is the number one enabler to allow a business to run at speed and to build customer trust and confidence.
If I'm a CIO, I would look at what solutions I am trying to bring to market to help enable my company on its digital transformation journey. How am I going to utilize solutions to create a better speed to market to enhance my business to create a better work environment for my clients and for my own customers? And then work hand-in-hand with the security team to figure out how they can use security as an enabler for those solutions.
How can enterprises make themselves cyber resilient?
Kuehn: I view cyber resiliency as being able to utilize multiple tools and techniques, to have a contingency plan and understand where the attacks are coming from and to remediate quickly. It's not just about buying technology, but it's assessing your current controls against best practices in a cyber architecture and understanding how they work cohesively to protect your assets and then testing them to make sure you have the level of resiliency that you want.
What's the role of collaboration and information sharing when it comes to cybersecurity?
Kuehn: Collaboration and being a part of a community is critical if we're going to continue to stay one step ahead of the criminals and bad guys. We monitor and manage over 100,000 customers and devices around the world. Being a part of communities and thought leadership groups and government groups gives us the ability to take a look at what we're seeing and validate it with our clients and our partners. The more we talk about different types of breaches or threat factors or vulnerabilities we see collectively, the less impact they have.
If we are sharing best practices, if we're working together as a digital community, then the anomalies or the vulnerabilities don't have as much power because we're aware of them and we have the ability to collectively remediate in a much faster format.