Cybersecurity: the blind spot of SMEs


Most SME leaders like to think they have clear visibility of the major threats to their business. They are close to their business, keep a watchful eye on financial matters, and regularly identify challenges and find ways to solve them.

The reality is that each new application, network, partnership or business integration creates vulnerabilities for the SME itself, as well as the ecosystem of suppliers, partners and clients it does business with. Unfortunately, many leaders are caught in a blind spot when it comes to ensuring cybersecurity is as up to date as the latest online installations implemented to streamline processes.

Surviving in these uncharted waters and using the benefits technology offers requires a new mindset and a unified approach from all members of the supply chain and at all levels of business.

Start at the top: the CEO vs CISO

In large organisations, CEOs rely on the input and expertise of their specialist teams for the most robust and holistic solutions to secure their business. Even so, Unisys’ recent research “Cybersecurity Standoff” reveals that in businesses across Australia, CEOs and CISOs do not agree about the role of cybersecurity within the business. The disconnect is even wider in SMEs.

Many CEOs still view cybersecurity in tactical terms and fail to incorporate the need to protect essential assets, data, into strategic business planning. While 69 per cent of CISOs believe that cybersecurity is viewed as part of the organisation’s business plans and objectives, just 27 per cent of CEOs agree with this statement.

In business, confidence can be a powerful asset, unless the topic at hand relates to cybersecurity. For many SMEs and their leaders, that confidence can create the misconception that a potential threat is unlikely or, worse, won’t have a significant impact on their business.

Adopt a unified approach to cybersecurity

Organisations must take a proactive and unified approach to securely manage their data and identify and isolate threats before they impact business continuity, partners, customers or citizens.

If business leaders don’t incorporate cybersecurity into their overall risk framework, they can’t respond effectively to threats across the supply chain ecosystem. For this to happen, it’s crucial that CEOs and CISOs speak the same language when it comes to cybersecurity.

Unisys recommends a security approach that spans six key pillars to protect critical digital assets and change cybersecurity culture within the business. They are:

  • Technology – Establish a zero-trust environment: i.e. trust nobody and always verify permission to access systems, from both within and outside of the IT environment;
  • Human behaviour – Use user and entity behaviour analytics to identify and modify risky data practices or activities and flag suspicious activity;
  • Education – Introduce a “whole of organisation” approach to cybersecurity education from the top down. Use this as an opportunity to discuss cybersecurity’s value to the business;
  • Ecosystem roles and responsibilities – Create a layered environment where the focus is to constantly predict, protect, detect and respond to potential threats;
  • Privacy – Ensure a culture of responsibility where all employees responsible for collecting, or with access to, sensitive data (including executive leaders) understand compliance requirements;
  • Policy – Clearly define secure data management expectations with all employees, suppliers and partners. Incorporate cybersecurity into the overall business risk framework.

Cyberattacks are inevitable. Having your name in the news isn’t. SMEs that take a proactive and unified approach to managing their data will be best placed to identify and stop threats before they impact business continuity, partners, customers or citizens.

Gergana Kiryakova, Industry Director Cyber Security, Unisys APAC