Our first cybersecurity summit, the Panda Security Summit (#PASS2018), is approaching fast, and will feature talks from key figures in the sector, such as Nicola Esposito, Director of Deloitte’s CyberSOC EMEA Center. In his lecture, “Keys for a more attentive, safer and resilient organization in the face of advanced cyberthreats”, Esposito will explain how Deloitte, from its Cyber Risk area, helps organizations to strengthen their risk and security management program. In advance of the summit, we asked this expert about resilience in the corporate cybersecurity environment.
What are the most significant advanced threats facing companies today?
Advanced threats combine numerous tools, techniques and targeting methods. Malware is currently one of the major threats due to its capacity to spread rapidly across an organization and even around the world.
Which aspect of resilience would you say is most important for the security of companies?
You can’t single out one aspect. All of them (prevention, detection, containment, response and continuous improvement) have to be taken into account to adopt a serious approach to IT security. In line with this approach, and in order to offer its customers an end-to-end solution, Deloitte has developed its Common Storefront based on the four areas of Strategy, Security, Vigilance and Resilience.
How can the creation of an integrated and connected ecosystem contribute to improving corporate security infrastructure?
The creation of this ecosystem can help make companies more secure and become part of a chain of security. This is one of the reasons why Deloitte promotes the Threat Intelligence network, so as to share indicators of compromise (IoCs) and increase the detection capacity of customers. Such networks allow these IoCs to be shared practically in real time, and consequently reduce the time of exposure to the corresponding malware.
What risks do non-resilient companies face?
Non-resilient companies are probably not taking cybersecurity risks seriously. This is the biggest challenge. Once a company’s management recognizes the threat, it needs a trusted partner to set up a robust security program. So the second challenge is to find a partner able to guide you along a potentially complicated path.
What are the keys to creating resilient companies?
The key to resilience is having a mature strategy and a good partner. With a mature strategy you can address risks in the proper way, starting with business risks and not focusing on them directly from the technological perspective. This strategy should include the values mentioned earlier: Security, Vigilance and Resilience. It is also important to have partners with a global vision, who understand the scope of current threats, and have end-to-end capabilities to understand business risks, advise customers accordingly, and implement and operate the technologies to make their business resilient.
What is the risk of ignoring resilience?
The greatest risk is the likelihood of being hit by a cyberattack and the inability to recover from it. It is not just that critical systems are compromised; there is also the potential damage to brand reputation, which in some cases may take years to restore. There are also risks associated with regulatory compliance, which are related to the security controls implemented in every company.
To what aspect of cyber-resilience should we pay most attention?
The aspect of resilience that is often ignored, or not adequately considered, is detection. Mainly because detection means having visibility, and to have this, you have to understand where and how to pay due attention to all the other sections that comprise cyber-resilience.
At Panda we know that detection and the response to attacks are essential to business cybersecurity. That’s why tools such as Panda Adaptive Defense guarantee the protection of aspects that could sometimes be overlooked. To bolster cyber-resilience, Nicola Esposito will be taking part in the Panda Security Summit on May 18 in Madrid. Don’t miss it!