Castellan brings every aspect of resilience management – from readiness to response – together in one place, so you can stop hoping and start knowing.
Now you’re ready.TM
Cybercrime is on the rise, and today it's a real threat faced by organizations of all sizes.
Long gone are the days when attackers focused primarily on large enterprises. Now, any organization that creates, stores, or transmits sensitive data, for example, personally identifiable information (PII), or that is involved with critical infrastructure, can be at risk.
In fact, a report from Positive Technologies indicates that external attackers are able to breach the network perimeter and gain access to local network resources in 93% of companies. In 100% of companies, an internal attacker can gain full control over infrastructure and another 100% of companies have maximum domain privileges that allow access to other key systems.
A report from Cybersecurity Ventures further quantifies just how lucrative cybercrime has become, saying it anticipates that cybercrime costs will increase by 15% each year over the next five years, and by 2015 will reach $10.5 trillion USD annually.
Steve Morgan, editor-in-chief at Cybercrime Magazine, put it into perspective by saying that if cybercrime were measured in terms of a country, at the estimated $6 trillion mark in 2021, it would be the world’s third largest economy after the U.S. and China.
And if cyber-criminals are making money, that means organizations are often losing. From 2006 through 2022, Statista reports that the average organizational cost to a business post data breach has increased from $3.54 million to $8.64 million.
With stats like these, it’s easy to see why cybercrime is gaining increased attention from executives and key stakeholders.
As more organizations begin to quantify the dollars and cents of potential disruptions like cybercrimes, we’re seeing a push from the highest levels for organizations to focus more on holistic detection, prevention, and recovery approaches, catapulting business continuity and operational resilience front-and-center.
Gartner touched on this recently when it released its Top Eight Cybersecurity Predictions for 2022-2023, noting that “by 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest, and political instabilities.”
Why is this shift happening now?
While in part due to successful data breaches that expose vast numbers of records, the Gartner report indicates some of this has been driven by the pandemic where many organizations realized their traditional business continuity management programs couldn’t support managing a large-scale disruption.
That’s because many organizations still have distinct lines between programs that should work together toward common operational resilience goals. Successful organizations can no longer approach disruptions in a siloed manner, separating IT from business continuity and crisis management.
The Gartner report encourages organizations to recognize operational resilience as a “strategic imperative,” a move we have been championing for quite some time.
That’s because disruptions like cybercrime don’t exist just within your IT department. These are real business risks and they should remain top-of-mind from your C-Suite all the way down to the individuals responsible for managing resilience-related roles and responsibilities daily.
The reality is the threat landscape is evolving and constantly expanding. Organizations can no longer build resilience plans and keep them shelved away in binders, hoping for preparedness if a disaster happens.
We can draw on current experiences to see that for most organizations, a disruption—and often multiple simultaneous disruptions—is a reality. That’s why a holistic approach for risk management is a must for survivability.
And it’s not just about responding and recovering from events like a cyber-attack. It’s about optimizing all of your readiness activities such as your OpRes, business continuity, compliance, and disaster recovery programs, and unifying them with your response activities, for example, your emergency notification processes and crisis management plans.
As we have seen with the impact of COVID-19 on operations, for example, the supply chain, disruptions are more far-reaching than just what happens inside your organization. While a disruption might affect your capabilities to deliver products and services, it can also negatively impact your employees, business associates, key suppliers, the market, your compliance and regulatory obligations, and even your customer expectations.
By developing and implementing a holistic business continuity and resilience program, your organization will be better poised to identify your risks—regardless of how quickly the threat landscape changes—and develop, test, exercise, and execute strategies that minimize disruption impact.
Unfortunately, many organizations say their existing business continuity and resilience programs are primarily tactical and not strategic. Many are sticking to check-box compliance approaches, instead of focusing on the bigger picture—identifying and minimizing your risks.
Shifting your programs from that siloed approach to a more holistic resilience perspective can help you identify gaps and make actionable plans that truly benefit your organization when you need it most.
Need help implementing a resilience program or evolving your current strategies to become fully integrated with optimized readiness and response activities? Contact a Castellan consultant today, download our Getting Started With Resilience Management Guide, or check out our on-demand webinar, “Resilience Management: Breaking Down Silos for Better Readiness and Response.”