Your Top Five Cyber Risks in Five Clicks with the Free Cyber Risk Analysis

FREE RISK ANALYSIS
Request Demo

2020 has brought with it immense change across the cybersecurity risk landscape. The effects of the COVID-19 pandemic are still ongoing, and the opportunities for new cybersecurity risk areas to emerge are more real than ever.

The perfect storm of strained resources in organizations’ Security Operations Centers (SOCs) as corporations virtualize their workforce, due to increased complexity within supply chains have cybersecurity risks emerging from every angle. Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) need to have visibility into their cybersecurity posture now that the cybersecurity risk landscape has drastically changed. 

Knowing where you stand against cybersecurity best practices and then remediating effectively are two steps to boost security across organizations, as detailed in a previous post. Before doing your first cybersecurity risk assessment, it’s essential to keep up-to-date with where adversaries are targeting and understand the risk of changes in the current landscape. Focusing your efforts will help you inform your cybersecurity risk management strategy for 2020 and beyond.

Cybersecurity Risk in the Supply Chain

Supply chain attacks were up 78% in 2019, according to Symantec, and that exponential increase isn’t slowing down anytime soon in 2020. Supply chain cyber security is a constant area of focus for many enterprise organizations. 

Organizations without dedicated vendors or third-party risk teams often have difficulty assessing their supply chain's posture. The complexity created by increased digitalization, business growth, and third-party vendors increases the need to protect sensitive information, including financial, personal, and strategic information such as intellectual property. 

COVID-19 spurred travel restrictions that limited the number of assessment organizations and managed service providers that could perform onsite assessments, creating a gap in the supply chain security program’s activities. Some businesses are approaching this issue by asking suppliers for reports on how they have changed their cybersecurity risk management strategy to accommodate these changes. If possible, vendor risk management teams are encouraged to track supplier cyber risk posture with risk assessments and security controls, policies, and procedures managed in a single system of reference, such as an integrated risk management (IRM) solution. 

75% of the Fortune 500 will treat vendor risk management as a Board-level issue by 2020. - Gartner

 

Especially for organizations that partner with a lot of small businesses, which are most at risk for cyber attacks, knowing where the security gaps in the supply chain lie is critical to directing suppliers to meet low-hanging-fruit cybersecurity best practices from multi-factor authentication to scenario planning. As much as security leaders hope the supply chain will promote proactive cybersecurity whenever possible, it’s best to be realistic about what cybersecurity risk areas exist and to communicate these risks to leadership before they manifest, especially in economic uncertainty.

Cybersecurity Risk in Being Human

In times of crisis and uncertainty, cybersecurity teams must stay alert and proactively work to make sure that employees across their organization are not caught with their guard down. This effort takes many forms, but the two that show great promise during times such as these are awareness and training and prioritizing employees' mental health. 

cybersecurity risks 2020

Ultimately, cybercriminals are looking to exploit areas of weakness - whether it’s forgetting to turn on 2FA or clicking on a link in a seemingly innocent email. Both of these examples of opportunities for cyber incidents are what most would describe as human error. Implementing a virtual awareness and training program, or holding weekly security training detailing the most common cyber attacks and how to spot them in the day-to-day may be what organizations need to stay alert and aware as change continues to occur. 

Especially in sectors such as hospitals and healthcare, prioritizing awareness and training is essential (if you're in the healthcare sector, check out our PDF of the most common attacks during times of crisis and security controls to prioritize during the COVID-19 pandemic PDF). The DDoS attack on Health and Human Services was only the beginning. It’s also worth noting that while many of these data breaches are designed to manifest quickly and cause disruption quickly, some of the most sophisticated state actors will be taking advantage of organizations that are preoccupied with maintaining day-to-day operations and shifting to remote work by taking a longer-term approach to creating disruption. For example, some sophisticated cybercriminals will plant malware inside a piece of critical infrastructure, only to manifest it months later.

Human error comes about in a variety of ways, and the data shows that it’s not just awareness and training that can make all the difference. The other area to focus on - mental health - may not be talked about as much, but in unprecedented times like those we’ve experienced in 2020, it’s more important than ever to support employees’ need to rest, reflect, and spend time offline. Positive morale and the mental agility and alertness that come from a healthy psyche are largely the responsibility of managers and the employer. 

Building a healthy and balanced culture during times of uncertainty could help avoid the opportunities for cybercriminals to exploit employee mishaps - an employee’s mindset could be the difference between engaging with phishing attacks touting “Coronavirus News” or spotting that attack right away.

Cybersecurity Risk in Corporate Governance

The interconnected risks that have been fueled by the events in 2020 require greater oversight from information security and cybersecurity teams, security and risk leaders, and executive management from the C-Suite to the Board of Directors. One clear area of cyber security risk in 2020 will come from the inability of corporate governance functions to have the same level of efficacy that they had when meeting in person. 

If Board members fall ill or are unable to fulfill their duties, there must be a plan. Organizational leadership must be confident that their business will be able to maintain operations regardless of environmental or cybersecurity incidents alike. Executive meetings must be organized in virtual or hybrid ways while still maintaining their ability to work as a team and react quickly and precisely in times of crisis, especially if a cybersecurity event occurs, but even simply continuing to sign off on day-to-day initiatives without additional delay. 

Creating a cyber area clear of confusion with distinct incident response plans and maintaining cybersecurity governance through a risk management process like IRM is recommended for leadership regardless of the business scale. In addition, linking the reality of cybersecurity risks to impacts on the bottom line - and measuring Return on Security Investment (ROSI) if possible - is critical while trying to maintain growth and financial stability during economic uncertainty and still managing cyber threats. 

About CyberSaint’s Integrated Risk Management Approach

CyberSaint’s mission is to empower all organizations to build a cybersecurity program that is as clear, actionable, and measurable as any other business function. CyberSaint’s CyberStrong platform empowers teams, agencies, and government leaders to measure, report, and mitigate risk with agility and alignment, even in the most uncertain times.

The CyberStrong platform is a flexible, agile system through which security teams and organizational leadership align to build cybersecurity resilience and boost productivity. The platform’s ability to simplify even the largest enterprise continuous assessment projects has organizations achieving audit, risk, third-party, and regulatory compliance objectives with remarkable results.

CyberStrong’s near-immediate implementation time, ability to put cybersecurity posture in the context of organizational objectives, continuous monitoring capabilities, and breakthrough Machine Learning automation have CyberSaint highlighted as “an example of a technology provider that demonstrates a vision for addressing emerging risks associated with cybersecurity”.

You may also like

Putting the “R” back in GRC - ...
on October 22, 2024

Cyber GRC (Governance, Risk, and Compliance) tools are software solutions that help organizations manage and streamline their cybersecurity, risk management, and compliance ...

October Product Update
on October 17, 2024

The team at CyberSaint is thrilled to announce the latest additions and updates to the CyberStrong solution. To start off, we’ve made it easier to create an assessment and risk ...

Transforming Cyber Risk ...
on October 12, 2024

In today’s complex cyber landscape, managing risks effectively isn’t just about identifying threats—it’s about understanding their impact and knowing how to prioritize ...

Step-by-Step Guide: How to Create ...
on September 23, 2024

Cyber risk management has become more critical in today's challenging digital landscape. Organizations face increased pressure to identify, assess, and mitigate risks that could ...

From Fragmentation to Integration: ...
on September 17, 2024

Organizations are often inundated with many security threats and vulnerabilities in today's fast-paced cybersecurity landscape. As a result, many have turned to point ...

How to Create a Comprehensive ...
on September 9, 2024

Cyber threats are becoming more frequent, sophisticated, and damaging in today's rapidly evolving digital landscape. Traditional approaches to cyber risk management, which often ...