Accelerating digital transformation introduced the technical complexity of newer technologies such as robotic process automation, metaverse, artificial intelligence, machine learning and data-driven platforms.
According to Daminda Kumara, head of security for Commonwealth Superannuation Corporation, organisations now have bigger technological footprints, such as multi-cloud environments or multiple integration platforms, which increase the attack surface for cybercriminals.
“During the pandemic, we’ve seen an increase in organisations going through a digital transformation process to improve customer experiences,” he said.
Kumara believes that even within this changing landscape, ransomware remains the most significant threat for most organisations globally.
“Attackers still exploit easy methods to get in, primarily email (phishing attacks). However, phishing emails are increasingly well-crafted and sophisticated, and can bypass the first two layers of controls for emails, such as email filters and the user.”
To add to the complexity of the task facing CISOs in many organisations, the Commonwealth’s critical infrastructure legislation had created new compliance requirements.
“Organisations must have an incident response plan and playbook with the reporting timeline documented at any given time. Reporting requirements will drive organisations to be prepared and test the incident response plan periodically.”
Beyond that, the cyber team must have access to legal expertise during the incident response to define the critical cyber incident and other cyber incidents, he noted.
Technology is only one part of the solution, he says.
“It is essential to focus on people, processes and tools in that order. In my view, organisations need to build a risk culture at every level of the organisation, with executive buy-in, and cyber risk must be part of this culture.”
He told iTnews, “Cyber risk is very similar to safety risk, and organisations should focus on zero cyber harm for staff and customers. Also, in my experience, aligning actions to consequences has a significant effect on driving accountability.”
Organisations are increasingly enmeshed in a wider ecosystem, which also creates challenges.
“I firmly believe collaboration across all departments to be cyber secure is the best measure of success for an organisation's cyber security program.
“For example, during any legislative changes, representatives from all departments collaborate to understand the impact of the changes across the entire organisation.
“It’s then straightforward to develop a joint action plan to address any department challenges and steps to comply with the legislation.
“When the action plan is a combined effort, execution is less complex as stakeholders operate as part of a cohesive team,” he said.