The transition to a remote or hybrid workforce has widened the digital attack surface, increasing cyber risk significantly. Double extortion and ransomware attacks are now everyone's concern, including the board. Andrea Berg, CIO of Arjo, shares strategies to help security leaders more effectively communicate cyber risk management across the enterprise.
Cyber risk responsibility
Arjo provides processes, training, and equipment for healthcare givers across 100 countries, enabling healthier outcomes for people with mobility challenges in long and acute care facilities. As customer demands have increased the delivery speed of services, Arjo now requires 24/7 operations and cannot afford the downtime brought upon by a breach. Clear and purposeful communication around IT cybersecurity requirements is critical to ensure the board, audit committee, management, security staff and all employees are aware of their responsibility in reducing risk across the organization.
Channels of communication
Managing healthcare data adds an extra layer of sensitivity to Arjo’s operations. Data privacy and confidentiality are paramount to building trust with external partners, investors, and customers. This requires a different approach to how IT security needs to communicate with these groups to address the various types of questions or demands you receive from each constituency. “Different audiences need different kinds of communication, where you really stick more to the words, to the tools, to the technologies that they want to hear, that they want to see,” says Berg. She recommends using diverse channels to communicate, from formal PowerPoint presentations and training to informal conversations at the coffee machine. Keeping an organization and its customer’s data secure relies on breaking down communication silos.
Keeping your house secure
While management is usually interested in a high-level overview, Berg stresses the need to use a friendlier language when approaching IT training and discussions. To help close the communication gap between cybersecurity specialists and an organization’s management team or employees, she suggests using storytelling and analogies when explaining “invisible” security threats, such as risks associated from using public wifi.
Berg offers her “house” analogy. “IT security, you can compare it with a house. You lock your door, and maybe even put a camera on or put a security guard in front of it. And I think this is what happened with IT security. We have the basics, the firewalls, the MFA, the access controls. But nowadays, that is not enough. So now, we have put a camera on, and we have put a security guard in front of the door. And responsibilities of everyone is, of course, not to keep the door open, to stick to the principles.”
“You can never do enough”
Regarding cybersecurity initiatives, part of the senior management narrative has shifted. The question is no longer, why are we doing so much? But rather, are we doing enough? When Berg is saddled with that question, her answer is simple and concrete, "You can never do enough." She cites the sudden and swift expansion of the digital attack surface as an example. Ransomware has grown to be a sophisticated and organized business. Threat actors are learning to be stealthier and more resourceful. In turn, organizations need to stay connected and investigate new trends. A backup and recovery strategy no longer provides you with the visibility needed to offset rising vulnerabilities. Because it is nearly impossible to keep pace with each vulnerability within your environment, a continuous monitoring service is needed to ensure all vital patching and upgrading is completed in time.
What to look for in a unified cybersecurity platform
Communication with senior leaders regarding cyber risk management can’t begin and end with recommendations and strategies. Security teams and senior leaders need to align on security tooling that is best suited to address their widening digital attack surface. Siloed point products frequently produce a large number of false positives which leads to overburdened security teams bogged down by investigation and response tasks. A unified cybersecurity platform with broad third-party integrations provides a single telemetry of truth, allowing IT teams to quickly investigate and respond to the most critical threats and mitigate risk. In addition to looking at market leaders that are recognized by industry analyst firms like Forrester, Gartner, and IDC, CISOs and security leaders should consider the following:
- Market-leading extended detection and response (XDR) capabilities enable teams to search, investigate, analyze, and respond from a single console.
- Third-party integration, including firewalls, SIEMs, and SOARs allows for the delivery of more meaningful data to security teams, which reduces alert overload and optimizes workflows.
- Continuous scanning into the CI/CD pipeline allows for DevOps teams to start security left, while automated monitoring ensures security issues are caught and remediated before the app is shipped. A unified cybersecurity platform should deliver both.
- A Zero Trust approach is based on the credo of “never trust, always verify.” Each user, device, and application should be thoroughly vetted before granted access to your systems.
- Global threat research helps deliver automated updates and upgrades fueled by the latest threat intelligence.
For more insight into how your organization can better understand, communicate, and mitigate cyber risk with Trend Micro One, our unified cybersecurity platform, check out these additional resources: