Providing Protection from the Perfect Cyber Storm

EXPERT PERSPECTIVE — We’re witnessing the perfect storm. The disruptive pandemic has put pressure on cybersecurity teams, as widescale remote working escalates digital transformation. Waves of regulatory demands, coupled with politically-motivated cyberattacks, are adding to security pressures. And an increasing volume of attacks—our research reveals a 31% increase over 2020 per company—show that successful security threats are without industry or geographic boundaries.

But just as we would ride out any atmospheric storm, being better prepared ahead of time helps protect us from the elements.

There are four main actions that organizations can take right now to help elevate the cybersecurity discussion; define industry-specific security needs; secure technology innovation; and address the talent shortage.

Four Ways to Weather the Storm

Elevate the cybersecurity discussion: Security is not simply a technical issue for the IT team; it should be a business priority. With security as the cornerstone for a digital society and the economy, it’s time to elevate the cybersecurity discussion to business and national security leaders and better align security with the overall business strategy. CEOs and presidents should be far more cyber-savvy. They should get up close and personal with security’s exercises and simulations to feel the drama of real-life attack scenarios and be better informed on what to do if and when, it happens to them. They should be involved in writing the incident response and crisis response playbooks. And they should encourage a mindset shift so that their organizations adopt a culture that respects the value of good cybersecurity practices, rather than compartmentalizing managing risk as something the security team does, typically under the direction of IT.

Define industry-specific cybersecurity needs: In an era of personalization, it makes sense to relate to the differentiated security needs of specific industries, especially when it comes to improving the relatability of security measures with a business and its value chain. In my experience, specific security solutions can vary dramatically for different industries. Consider the complex security issues behind payment terms for the banking industry, the security technologies needed for connected vehicles in the automotive sector, or the privacy complications associated with digital health. There’s an opportunity to develop and define security measures with specific approaches for industry needs—from national critical infrastructure, to manufacturing, energy and transportation.

Secure technology innovation: We’re in the middle of a high-speed technology revolution that is transforming our societies and economies. Businesses should embrace the changes, taking advantage of innovative and emerging technologies to ride the constant waves of change. But this doesn’t mean security leaders should take a back seat. Cybersecurity should be a part of the blueprint from the start for any technology innovation, not an afterthought. It makes sense because sound security is so fundamental to the efficient operation of many of the new technologies today.

Think about the security impact behind cloud security and sovereignty. Think about the implications of the distributed nature of edge computing or extended reality and the metaverse.

While there is so much potential for this new digital world, there should also be assurances that the company or person you are interacting with virtually, is a trusted source. Identity theft and fraud are security risks we need to better understand and address in the metaverse. Establishing principles and building trust should come first.

Address the talent shortage: A shortage of cyber talent is a well-known issue around the world. We’re living in a high-demand market with more than four million unfilled cybersecurity jobs. Complicating matters further, traditional security skill sets, such as security administrators and cyber defense teams, are being supplemented by new skills requirements like security domain expertise or cloud technology capabilities.

To meet these new demands, the private sector, academia and government should work together to find and train cybersecurity talent, including thinking more creatively about the kinds of skills needed, like those of anthropologists, criminologists or social scientists. They should also reconsider unnecessary barriers to entry, like four-year degree requirements. Accenture has more than 16,000 people working in security operations and we’re always looking for ways to broaden our talent pool. Of course, upskilling, reskilling and basic cyber awareness training is key. We think it’s so important that we require fundamentals training for the entire (nearly 700,000-person) Accenture workforce.

Organizations shouldn’t go it alone.

We know that cyber risk is a global, systemic risk without borders, so it’s important to join forces if we want to make change and improve our robust view of cyber threats. Building an ecosystem of relationships should focus on creating a better and broader knowledge base by sharing more information with governments and among industries, such as threat intelligence, vulnerability and incident reporting information. I believe it is also incumbent upon the private sector to work collaboratively with policymakers to find ways to increase our collective cyber resilience. This includes recommending potential new policies and offering up their on-the-ground experts’ time to provide feedback on any changes under consideration to ensure success.

Although the dark cyberattack thunder clouds continue to roll in, we can all weather this storm, armed with the right protection—senior support, industry-specific measures, technology innovation and the best talent we can find.

Subscriber+Members have a higher level of access to Cipher Brief Expert Perspectives on Global Issues. Upgrading to Subscriber+ Status now.

Paolo Dal Cin brings over 20 years of deep experience to C-Level leadership across the largest organizations in the world. He oversees the full spectrum of security services across the globe and is a member of Accenture’s Global Management Committee. Previously, Paolo led Accenture’s Security Business in Europe. He is a Principal Member of the Cyber Initiatives Group.