Overcoming Cybersecurity Silos when Developing a Risk Management Program
Seven Recommendations to Help Organizations Avoid Them
Cyber risks are evolving and becoming more sophisticated. To combat an ever-changing threat landscape, organizations must work harder than ever to defend against bad actors.
This endeavor should start with a sound risk management program that’s based on industry gold standards and best practices, such as the National Institute of Standards and Technology Cybersecurity Framework (CSF). Developing, implementing and managing a solid risk management program effectively can be challenging for any firm, regardless of size.
Many organizations mistakenly create cybersecurity silos when trying to manage their risk program effectively. Silos can be attributed to many factors, such as a communications breakdown and lack of collaboration between internal departments within a business or government agency.
Another factor is the lack of interconnectivity between the many products, tools and services organizations might use across different business units to manage risk. Products, tools and services that don’t operate cohesively make sharing risk data difficult, if not nearly impossible. The gaps created by this lack of cohesion can leave a firm more vulnerable to cyber attacks, which can be extremely costly.
Recent data from IBM shows that a data breach can still take a nasty toll: IBM estimates the average cost of a data breach in the U.S. at $8.19 million.
To help avoid cybersecurity silos, TalaTek believes firms should consider these recommendations:
- Share cyber risk information across the organization
- Adopt a cybersecurity framework
- Define governance through risk and compliance goals aligned to business outcomes
- Establish holistic, consistent cyber risk reporting and governance
- Form security partnerships within an organization
- Don’t duplicate services for specific activities across an organization
- Develop adaptable solutions to fit all work groups