How to reinforce cyber threat management according to Microsoft and Marsh

News, July 15, 2022

Although cybersecurity should be one of the top priorities for companies, it does not appear that the goals are being correctly met. A recent study developed by Microsoft and Marsh shows that confidence in companies’ cyber risk protection has worsened.

However, that report also proposes several keys and practices for building cyber threat management. In this Befree blog post we comment on the most outstanding ones.

Fall of confidence

How confident are companies in their cyber threat management capabilities? This is the question that the report The State of Cyber Resilience, prepared by Microsoft and Marsh, has sought to answer. Nearly three years of workplace disruptions, digital transformation and ransomware attacks mean that most organizational leaders are no longer confident in their ability to manage cyber risk.

The study questioned more than 660 CEOs and cyber threat managers globally, and analyzed how risk is viewed and understood. According to the results, confidence in core risk management capabilities remains almost identical to that of 2019. Then, 19.7% of respondents stated that they were very confident. Today, that figure is down to 19%. Risk management includes concepts such as understanding and assessing cyber threats and preventing and responding to cyber attacks.

One reason for this is offered by Marsh’s Cyber Director Sarah Stephens: “There is a continued rise of ransomware in today’s tumultuous threat landscape. So it’s no surprise that many organizations don’t feel any more secure or confident in their cyber threat management now than they did in 2019.” On the other hand, only 43% of respondents said they had conducted a risk assessment of their suppliers or supply chains.

Keys to getting cyber threat management right

The same Microsoft and Marsh report offers a series of best practices, keys and tips for companies to achieve a good defense against cyber threats. Here are some of them:

1- Align the company’s objectives with the development of cyber resilience

A good way to strengthen cybersecurity is to associate its growth with the company’s own growth. To achieve this, the involvement of executives and department heads is essential.

The report recommends that they engage in continuous, cross-functional communication regarding cyber risks and threats. Their involvement in cyber threat management planning and post-incident reviews is also desirable.

2- Look beyond ransomware

Although ransomware is the most common cyberattack, that doesn’t mean you should stop focusing on the others. Executive leaders should receive regular updates on threats, but also pay attention to the issue themselves and approve strategies and courses of action in the event of cyberattacks.

For their part, department leaders can regularly monitor, review and share threat assessment updates, have a cyber incident response plan that is reviewed and tested annually, or participate in training exercises to help understand roles and responsibilities and how to act in the event of an incident.

3- More controls equal more security

This key is so simple that a glance at its title is enough to understand its purpose. The more security checks that are performed, the easier it is to detect what goes wrong and what works.

In this regard, CEOs should promote organizational risk management strategies that include the development and maintenance of security among all users. For their part, department leaders can use them to leverage synergies between cyber risk prevention tools and tactics.

4- Review and evaluate new technologies

Finally, the last tip relates to new acquisitions. New technologies should be evaluated and monitored on an ongoing basis, both before obtaining them and once they are implemented into the company’s operation.

The best way to do this is to assess whether the technology to be procured involves assumable risks or not. After acquisition, departments should be made responsible for monitoring their technologies. In addition, it is advisable to have the help of external experts during all these processes to avoid getting caught out.
