Cyber Security: A Part of Every Organization

Cyber Security A part of every organisation

Cyber Security: A Part of Every Organization

As we navigate our technological advancements in an ever-changing digital era, organizations face challenges in securing data. As organizations continuously migrate to newer solutions for scalability and cost optimization, cyber threats do evolve with the migration to newer solutions. However, some organizations do resist or limit themselves from investing in cyber security, which they see as an additional investment with zero returns to them. In this article, let us delve into some of the facts and myths that organizations have that make them less cyber-proof and prone to cyber-attacks.

Let’s say a company has launched a new product, app, or website related to online shopping and wants to display it in the market. During the product launch, the CEO of the company showcases the product and speaks about its impact on customers, along with benefits and pricing plans. As conclusion, the CEO of the company says that his organisation has invested in cyber security and has always ensured the protection of customer data at all costs. So now you are in the app/product launch, and you are not aware of cyber security as a whole, so neither you will show interest in the company’s initiative in cyber security nor its investment in cyber security. As a product or app consumer, you will show interest in-app features, benefits, problem-solving capabilities, etc., not in cyber security.

In this scenario, it is pretty much evident that from now on, even the CEO would not have shown interest in speaking about his organization’s cyber security landscape, as customers might not show interest in it. It is also viable for any CEO to consider that he or she is not going to gain anything when investing in cyber security as a whole, and often it is seen as an additional investment with zero returns.

The Role of CISO:

As per the above example, the company is neither interested in showcasing the cyber security landscape to consumers nor is it ready to invest in cyber security further. The role of CISO plays an important role in making the board understand the real importance of cyber security.

In the above example, let’s say the company is valued at around a million dollars. Now, the role of the CISO is to make the board understand the importance of investment in cyber security and the positive impact of investing in cyber security. A cyberattack can hurt the stock market. When CapitalOne disclosed that it had been under cyberattack, its share fell by around 6%. In this scenario, let’s say a company has around 20 web servers deployed to serve customers around the world. On an hourly basis, there are around 2000 users visiting the website and purchasing products worth 20 thousand dollars. As the company has failed to invest in the security landscape, there has been a DDOS attack carried out against the company that took web servers down for about 7 hours until the server was made to accept user requests. Now, if we do some simple math, the company has lost around more than a lakh dollars for the 7-hour downtime period because of a DDOS attack. Such a simple math presentation can make organizations aware of the impact of a cyber attack and encourage them to continue investing in cyber security.

Less people, more technology:

We always undermine people over technology or tools. An organization can have a number of tools related to audit, red teaming, blue teaming, etc., but if there are no people to manage those, it becomes difficult for any organization to cope with ever-evolving cyber threats. Let’s say, for example, that as a blue team, which is a 24*7 working model, I have SIEM, SOAR, EDR, firewall, email security solution, etc. to be monitored. But if I do not have enough resources to monitor it, the tools that have been in use are really of no use. Make a proper plan in accordance with people, processes, and technology.

Cybersecurity Analyst: An Unspoken Warrior in the Digital World

As a cyber security analyst, we always face day-to-day challenges with new cyber threats evolving in the digital landscape. It’s time to recognize ourselves as an important asset to any organization we work for. Let’s say in a year the company has not faced any cyberattack scenarios. Now it translates to the fact that it was not that attackers have not targeted the company; it was the cyber security analyst who stood at the forefront and has protected the organization’s rights and data.

Conclusion:

As a cyber security analyst, we must always prove our worth in the best way possible to our organizations. Constant learning and upgrading of domain knowledge can be quite useful in an ever-changing digital transformation and adoption.


Leave a Comment

Your email address will not be published. Required fields are marked *

About Author

Ganesh Kannan
Founder & Lead Trainer

I am enthusiastic and a passionate IT leader with over two decades of rich industry experience as a senior consultant, trainer and entrepreneur. I’ve worked for large enterprises and Fortune 500 firms and successfully delivered turn-key projects. I’m well experienced in IT Program Management (PMO), Project Management, Organization Change Management (OCM) and Quality Assurance/Testing. I love mentoring aspiring and experienced IT professionals & teams from diverse backgrounds. I enjoy building and running IT teams that provides services in the area of Digital Solutions, Quality Assurance, Test Automation and Robotic Process Automation (RPA).