More organizations are starting to view cybersecurity as a strategic risk. They have to-it's becoming unavoidable. Technology and the business are so intertwined. Regulators are issuing more compliance measures that include information security directives. And all the while, adversaries are relentless in their campaigns to compromise defenses to steal information, money, or otherwise create disruption.
No matter why an organization commits to improving cybersecurity, it's a good thing, because it helps to make the Internet safer for everyone. However, we see many businesses getting in the way of their own success because ofhowthey manage risk. Here are some common pitfalls:
As more organizations get serious about viewing cybersecurity as a strategic risk, they are looking to companies like Cisco for guidance and support. They are asking us to provide more than just technology solutions, but also advanced services developed around strategy and risk management. These services can help organizations better understand their unique risk posture, environment, and acceptance criteria, and enable them to implement controls-including technology products-to minimize uncertainty and maximize value, as opposed to just preventing loss.
Cisco IT GRC services, as an example, take a systemic and rigorous approach to strategic risk management. Using international standards for enterprise risk management, Cisco IT GRC services help security organizations raise their risk visibility and strategy from local, technology-focused analysis to a vision for managing uncertainty within their security programs. This enables organizations to make better and more empirically grounded decisions, escape the "risk as loss" trap that ignores opportunity costs associated with security, and align IT security risk management with the organization's broader risk management efforts.
According to the newly releasedCisco 2014 Midyear Security Report, if organizations want to succeed in the emerging Internet of Things world, where everything is increasingly interconnected and we are all highly dependent on the network, viewing cybersecurity as both a strategic risk and a formal process will be a business necessity. There's a lot of work to be done, to be sure. But we're starting to see progress on both fronts from many of the organizations we help to support. Cybersecurity is not only on their risk radar now, but also monitored with more vigilance.