VivaTech, in partnership with McKinsey & Company, is publishing a series of monthly articles looking at breakthrough technologies.
In the last few days, hacking group APT29 allegedly targeted organizations involved in coronavirus vaccine development and Twitter faced their worst security breach ever.
No wonder that according to a prior McKinsey survey, 75 percent of experts, across many industries, consider cyberrisk to be a top concern. Until recently, financial firms were the primary targets. Today, due to digitization and automation, the threat is universal: major changes in working conditions, and the greater use of online services have made it harder for companies to maintain security:this poses new challenges for chief information security officers (CISOs).
Digitization of all industries increases the risk of cyberattack
All industries face greater exposure to cyberthreats due to increasing digitization.
For example, in the airline industry, digital innovation across the value chain—combined with the sheer volume of customer data airlines possess—has made them a hot target for cybercriminals. In 2019, the United Kingdom imposed a $230 million fine on a European airline for a breach caused by security vulnerabilities in its website.
The COVID-19 pandemic has increased cyber risk
Physical distancing means many workers are staying home and making greater use of videoconferencing services, collaboration platforms, and other digital tools to do business. All these behaviors put immense stress on cybersecurity controls and operations.
Several major vulnerabilities stand out:
- Work-from-home arrangements have amplified long-standing cybersecurity challenges;
- Social-engineering ploys are on the rise, with fake help-desk teams for instance;
- Cyber attackers are using websites with weak security to deliver malware;
To remain vigilant and effective, chief information security officers (CISOs) will need new tactics.
How can leaders deal with cyber risk?
Given the acceleration of cyber attacks, managers must set priorities and sequence to manage cybersecurity and digitization investments in four main areas:
- Assessing vulnerabilities;
- Reviewing cloud architecture and security capabilities;
- Muscling up incident response and recovery capabilities;
- Prioritizing a cybersecurity budget.
The content of this article is based on the Cybersecurity article originally published in collaboration with McKinsey & Company.