Special 2023: Cybersecurity
Every time we hear about new incidents, new cyber-attacks globally and Chile is no exception, so in this scenario, managing risk and knowing how to efficiently manage an incident are challenges that we will address in this edition with different specialists from the national cybersecurity ecosystem, who contribute with their diverse perspective.
Before navigating the deep waters of cybersecurity, it is important to first visit the ocean that may come to mean the risks, how risk averse or risk accepting can our organization consider? This is a question that every company or institution must ask itself.
Avoid, reduce, transfer, accept, share, exploit, monitor or diversify are some of the approaches we can have in risk management, depending on its nature, the industry and the culture of the organization.
As early as 2012 NIST in the Guide for Conducting Risk Assessments (NIST SP 800-30 Revision 1) defines risk as a measure of the degree to which an entity is threatened by a potential circumstance or event. It is described in terms of the potential effects that would result from the materialization of the event and the likelihood that the event will occur.
In those years, talking about cyber risks in Chile was something that was done in few organizations and in a very secondary way in others. Years have passed, incidents have occurred and the current reality has changed. So much so that according to Kaspersky, in the period from June 2022 to July 2023, 27 attacks with some malware per minute were carried out in Chile.
Although there is still more progress to be made, there is no doubt that roles such as the CISO are now increasingly positioned within organizations, as a sign of the greater importance that is being given to cybersecurity.
So, with greater awareness, with companies more prepared and with technology becoming more accessible, what are the main challenges organizations face in managing risk today? [...]
Cybersecurity risk management, therefore, has become an increasingly arduous task, imbued with multidimensional challenges that intertwine and exacerbate each other.
The increasing complexity of computer systems and networks exponentially amplifies potential points of failure. As IT infrastructures evolve and expand, so does the attack surface, providing adversaries with fertile ground to exploit vulnerabilities, many of which can go undetected due to the vastness and interconnectivity of modern systems. This problem is compounded by the accelerating pace at which new cyber threats emerge. Malicious actors continually refine and adapt their tactics, creating an ever-changing threat environment that challenges even the most competent and up-to-date security teams.
This is even more problematic when considering the critical importance of employee training and awareness. Uninformed staff can easily become an entry point for attacks, making investment in their cybersecurity education crucial, yet often overlooked or underestimated.
The challenge extends beyond organizational boundaries due to increasing reliance on third parties, extending the risk to the supply chain. Organizations must not only focus on fortifying their own defenses but also ensure that their partners and suppliers maintain comparable security standards, which introduces an additional layer of complexity to risk management.
At the same time, regulatory compliance has become a minefield, with strict and constantly changing regulations that vary not only from sector to sector but also from country to country. Organizations, especially those with a global presence, must carefully maneuver through this patchwork of regulations to avoid severe sanctions and reputational damage.
Despite these challenges, organizations must maintain resilience by meticulously preparing for adverse incidents. This involves creating detailed response plans and constantly updating and testing them through mock incidents, a process that, while essential, is also resource-intensive."
In summary, Gutierrez notes that "cybersecurity risk management is a multifaceted and continually challenging undertaking, requiring relentless vigilance, adaptability and a deep commitment to education and preparedness. It requires a holistic approach that not only addresses technology and processes but also organizational culture and third-party relationships. Only by carefully navigating these intertwined challenges can organizations hope to effectively safeguard their valuable assets in an increasingly dangerous digital world."
To read the full article click here
We are committed to offer, create and devise cybersecurity strategies for our clients and prospects that allow them to have technology, tools, implementation services and managed services through our Security Operations Center (SOC). Learn more here
We share ideas on innovation and IT news and much more through our LinkedIn Anida Latam page.
