3 Strategies to Combat Cyber Risk

At the CDW Executive SummIT in September, experts shared what “cyber risk management 2.0” entails and how IT leaders can prepare for it.

CDW Expert

Nearly all organizations are undergoing digital transformation today. From consolidating technologies to migrating to the cloud and re-engineering business processes and applications, each advancement comes with new cyber risks. “Cyber risk management 2.0,” experts at September’s CDW Executive SummIT in Dallas said, is about making security an enterprise priority.

To prepare for what’s ahead, organizations will need to guard against large-scale systemic cyberattacks through continual monitoring and testing, optimize existing software, and increase funding for security tools by making zero trust a business strategy.

What Is Cyber Risk Management 2.0?

The term comes from the Cybersecurity and Infrastructure Security Agency’s Zero Trust Maturity Model Version 2.0, released in April. It outlines a set of cybersecurity mandates, industry-specific certificates and cyber rules IT leaders must adhere to as they incorporate zero-trust standards across the enterprise. Its core elements include automation, integration, visibility and proactive management of threats.

“Can you see what's going on in your environment? And when you see something, how quickly can you react?” Peter Romness, cybersecurity principal in the CISO Advisors Office at Cisco, told BizTech at the SummIT. “The idea of this extended detection and response is to drive this integration, drive this automation, so that all of your tools are reporting into one place and all of your threat intelligence can go into that one place, so that when there is something new, you can find it easier.”

Three Strategies to Meet the Future of Cybersecurity

As IT leaders work towards zero-trust maturity, here are three cyber risk strategies that organizations can use to plan for future threats.

1. Disrupt Systemic Cyber Risk

Any attack that threatens disruption, downtime or data loss at scale can pose a significant threat. This kind of large-scale attack is known as a systemic cyber risk. To stop these, Marcos Christodonte II, vice president and global CISO at CDW, recommends reducing avenues of potential entry, removing nonessential connections and minimizing concentration risk by diversifying your asset portfolio.

“When you define these particular secure patterns, you want to make sure you enforce them and you want to continuously test all the time to identify deviations,” Christodonte II said at the CDW Executive SummIT. This is the best way, he says, to “manage the proliferation of risk.”

2. Blend Cyber and Business Risk Language to Increase Resources

Cybersecurity defense tactics can be costly, but having shareholder support can help. That’s why experts at the SummIT recommended aligning your cybersecurity program to the larger conversation your board may be having about operational resiliency.

It starts by sharing the risk potential of cyberattacks with the executive team and board of directors, said Buck Bell, executive vice president of CDW’s Global Security Strategy Office.

Experts recommended blending cyber and business rhetoric so that security is discussed through the lens of business value. You can also align security costs to customer acquisition and retention costs by making the case that these are “cost of sales” and R&D expenses.

“An unsecure environment creates too much risk for our own company, but also, in many cases, for our customers who are counting on their data,” Bell said. Once you make security a requisite for customer retention, you can garner greater resources for security programs.

3. Optimize Existing Software and IT Resources

Rather than rushing to purchase new security tools, which can create new vulnerabilities in your network, update your existing resources first. Your current tech stack is already compatible with your IT foundation, and automating the basics and leveraging native solution capabilities can only elevate it further.

“You have an equal or greater chance of providing more value than sometimes procuring a new solution,” said Christodonte II. He added that this strategy is not only cost-efficient but also a practical action that strengthens your cyber risk readiness.

Planning for Future Cyber Risks

As organizations leverage these tactics, it’s important to remember that bolstering security is a continual process, and it may be necessary to adjust your strategy as new tech is folded into your existing IT foundation and threats arise. As John Candillo, field CISO at CDW, notes in a recent blog post, “It’s important to remember that zero trust is a guiding philosophy, not a single architecture. Implementing zero-trust best practices and principles is a journey in which your organization consistently works toward achieving higher levels of maturity.”

Working with an expert partner with deep expertise in zero-trust strategy and developing a cybersecurity roadmap can help. With this kind of support, businesses can customize defense tactics to fit their business needs and build a zero-trust mindset across the organization.

Story by Lily Lopate, a Senior Editor at BizTech magazine. She follows tech trends and the IT leaders who shape them, reporting on enterprise-level business, security and thought leadership. She frequently interviews CDW experts, partners and customers about the evolving threat landscape and brings their insights, stories and IT solutions to the page to share with readers.