How well does your company manage risk? According to the most recent risk report from the Ponemon Institute titled The Challenging State of Vulnerability Management 2019, the average company remains ill-prepared for the types of threats that are common in today’s risk-filled business environment.
- Only 33% of IT leaders know the exact storage location of their critical data
- Just 34% of companies employ staff that can reliably identify and resolve threats
- It takes an average of 50 days to resolve a malicious attack
- The average company has seen a 27.4% year-over-year increase in security breaches
Dr. Larry Ponemon, Founder of the Ponemon Institute, explained the findings recently during a webcast with ServiceNow. Today's IT leaders are struggling to keep track of where their critical data is stored, staff security experts, and address vulnerabilities when they occur. And most of them say the main problem is human error.
Even more unsettling are the responses about awareness. When asked if the organization was aware it was vulnerable prior to a breach, only 39% said they were. Even more maddening is the fact that patches were available for 60% of the breaches that occurred.
With these unsettling statistics in mind, here are some ways your company can prepare for security risks and integrate built-in security features into your risk management framework (RMF).
Seek End-to-End Visibility
First, it’s important to ensure that you have full visibility into your cyber risk management system. How easy is it for you to see your risks throughout your setup? Where are your vulnerabilities? What are your most urgent issues?
If these questions are hard to answer, that should be a huge red flag. The authors of a study by Deloitte concluded that cybersecurity visibility should be the #1 priority of a risk management program and it’s the “new normal.”
A lack of visibility into your system can be remedied with a system of workflows and dashboards like those provided by Cybersecurity Manager.
Visibility must be possible across your entire enterprise regardless of users, locations, systems, or devices. This is the meaning of true end-to-end visibility.
Formalize Your Cybersecurity Processes
It’s not unusual for a company to have thousands of vulnerabilities that have been unaddressed for a long period of time. Sometimes they come to light during a routine system scan and sometimes they become glaringly obvious after a cyberattack or other security crisis. But one thing is for sure: the volume of attacks is not slowing.
What kind of formalized remediation process does your company use? In many businesses, there is no established protocol for resolving issues. Whoever is on duty and hears about the problem is expected to handle it. There may or may not be much accountability.
But scattershot risk management can be a company’s downfall. When there is no formal procedure in place to deal with daily issues, there is far less chance of a permanent resolution to persistent security problems. That’s incredibly risky.
Recently, after just 18% of all businesses scored a “high” ranking for cybersecurity, the US Securities and Exchange Commission (SEC) issued the following summary statement to U.S. businesses:
“Cybersecurity risks pose grave threats to our investors, our capital markets, and our country.”
The SEC calls cybersecurity a “party crasher” that is unpleasant to talk about but can deeply affect a company’s financial stability and even its ability to stay within the law. Companies must invest in cybersecurity systems that close security gaps and minimize risk.
Support Your Staff With Tech Tools
Here’s an innovative option for keeping your company prepared for almost any kind of cyber risk. Stave Cybersecurity Manager is a workflow tool that is highly effective at monitoring complex business systems.
Plus, it receives a constant stream of updates, including real-time Information Assurance Vulnerability Alerts (IAVAs) and Information Assurance Vulnerability Bulletins (IAVBs) from the U.S. Cyber Command. Cybersecurity Manager helps prevent catastrophic breaches, but also provides the kind of everyday security that is required for a robust RMF.