Knowing what you don’t know: how to build cyber security resilience into digital transformation

11 Jul, 2024

Cyber Security and Digital Resilience

The hallmark of an expert is that they know what they don’t know. Cyber security is a field that demands specialised knowledge and vigilance, which is why 9Yards has worked – since the very beginning – with the team at Digital Resilience.

If you’re a CIO or CTO, or in charge of IT and cyber security in any Australian organisation, you’ll know that cyber security has never been more of a concern than it is now. The threat landscape is continuously shifting. The regulatory requirements in place to mitigate and manage cyber risk can be tricky to interpret and navigate. Compounding the issue, the right cyber security talent can be very hard to find.

Paul Dewsnap is the Co-Founder and Managing Partner of Digital Resilience, a consultancy that specialises in cyber security and risk management.

We asked him to draw on his experience and identify 3 common areas where organisations struggle when it comes to cyber security.

Finding cyber security talent with character and competency

Many organisations believe they have systems and processes in place to manage cyber risk effectively. However, says Dewsnap, the major factor limiting their ability to keep pace is talent.

“Finding talent in this market is hard. Talent of the right character with the right competencies is even harder. You may find someone with the right cyber security skills, but how do they fit within the culture?

“I value character over competence every day of the week. A culture or conduct mismatch can destroy an organisation, even a large one.”

Managing supply chain vulnerabilities

In today’s globalised economy, supply chains are extensive and intricate, spanning multiple geographies and involving numerous third- and fourth-party vendors.

An organisation may have built in good controls, including through their supply chain. However, Dewsnap points out, when those controls were put in place the threat landscape may have been different and cyber security less of a concern.

“We often see that when those supply chains were designed, the focus was on efficiency and cost. In a world living with the reality of the Covid-19 pandemic and ongoing geopolitical instability, many organisations have come to realise that those supply chains are very fragile. So now they’re looking to reconfigure, and even redesign them. Can the supplier withstand what we call ‘plausible levels of disruption’, and scenarios that may disrupt those supply chains? How do individual suppliers operate when they’re under attack, under disruption?

“It’s vital to ensure that digital transformation initiatives are shielded from supply chain disruptions caused by cyber threats and other risks.”

Board and C-level knowledge and oversight

Effective cyber security has to begin at the top and be funded and resourced appropriately.

A traditional return on investment (ROI) model, says Dewsnap, won’t work for cyber security. He adds that, while understanding the nuances of cyber risks requires specialised knowledge and experience, boards and C-level leaders need to understand the critical importance of cyber security in safeguarding corporate interests and maintaining stakeholder trust.

A top-down risk approach provides an anchor point. If you understand your risks to your assets or your critical operations, you can then actually assess and test your controls against what’s important to the business.

“Ensuring you have good cyber security in place is just the cost of doing business. It’s the right to play. It’s your social licence. If you’re not taking care of cyber security, you’re putting consumers in harm’s way, potentially putting the entity in harm’s way and your staff in harm’s way.

“The cost and the regulatory imposition are only increasing. They are never going to decrease. This is our reality.”

Are you committed to keeping your organisation cyber-safe?

Digital modernisation is experiencing massive change and cyber security is a key part of the picture.

The team at 9Yards are familiar with these 3 common concerns of leadership buy-in, finding the right talent and understanding supply chain vulnerabilities. Our collaborative relationship with cyber security experts at Digital Resilience gives us access to a wealth of know-how and experience to build robust cyber security into your digital transformation project.

Knowing what you don’t know is a great start, and the perfect reason to reach out to the team at 9Yards.
