Speaking in the opening keynote session of day two of the Infosecurity Online event Lee Howard, head of IT security, risk and shared services at N Brown Group, discussed the current cyber-threat landscape and explained, in a world of unpredictable cyber-risks, organizations must be prepared for the worst-case scenario in order to be resilient.
“We can’t possibly know every single threat that’s going to affect us – it’s unpredictable. Therefore, we need to go through a mindset change; instead of trying to identify each and every threat methodically, we should be prepared for all threats, whenever they throw themselves at us.”
Most importantly, organizations must be prepared for the worst-case scenario from a cyber-threat perspective, Lee said.
If we can’t assess all the threats and we don’t know the frequency of threats, then organizations must take a “prescribed preparation” approach to the worst-case cyber-scenario.
“Being able to prepare allows you then to absorb the impact of a situation as it unfolds. Preparing for the worst-case scenario makes you really think about what’s valuable. What we do a lot in cybersecurity is focus on certain technologies, areas, initiatives, programs and projects to get things over the line. The reality is, we sometimes forget that we’ve been put in these positions to preserve operations, asses a situation and make ourselves as resilient as possible.”
We are moving into a new phase of technology now and a new era, and the likelihood of an event occurring is very high.
“We’re getting to a point in time where, in having a cyber-incident, we’re not measured in did it or did it not happen,” we’re measured in how we respond and how well the business is able to maintain operations as the incident unfolds.
“That’s the mindset we need to get to; to accept incidents are going to happen,” and respond effectively, Lee concluded.