As we look back on 2020, it might be better to look forward to 2021. The invisible enemy we all face in Covid-19 is still here and offering challenges and opportunities across the globe in our business and personal lives.
From an IT perspective, we are also being constantly attacked by invisible forces.
With distributed workforces and new privacy laws, the requirements to focus and plan are becoming increasingly important for organisations at all levels, especially for executives and boards.
Proactive planning and support are always required from a technology perspective, and cyber resilience is no different.
We have frequently mentioned this element of technology, but increasing digital dependency is amplifying cyber-vulnerability.
Cyber resilience equates to being prepared for an attack: keeping the business operating and having the ability to respond and recover. It also means, if there is an attack or breach, knowing what to do, who to notify, and who is to take action.
The new Privacy Act is hot on notification rules, and your IT team should be well across this. The Institute of Directors of New Zealand (IoD) has recognised that cyber resilience is in the top five issues New Zealand organisations need to be across in 2021.
More IT leadership skills needed
Last year’s IoD Sentiment survey identified that 65 percent of Directors thought that their board did not have the right capabilities (skills and experiences) to lead their organisations into a digital future.
Big data, the Internet of Things, data privacy, artificial intelligence and machine learning are creating great opportunities – but also require cyber resilience to be in force.
Regulatory authorities are making it clear that boards need to take more responsibility for, and oversight of, cyber security. No longer can a director or trustee sweep it under the carpet, leave it to operations and take a "she'll be right" attitude.
Organisations must have adequate cyber security measures in place, and this will more than likely have a flow-on effect on insurance and other costs.
2020 saw some high-profile attacks by a variety of means, involving government agencies, NZX-listed companies and even the NZX itself.
Attackers, hacktivists and ransom seekers don't really care about the country you are in or the size of the organisation – these invisible enemies attack a bunch of numbers, which can be targeted or random.
As mentioned in previous articles, your organisation is more than likely getting attacked right now and you need to make sure you have preventative measures and cyber resiliency in place.
Actions for 2021
Understand your data – what data do you have, how is it used, where does it come from and go to, and what infrastructure, policies and processes are in place to protect it?
Ensure enough digital capability in your team – operationally and, importantly, at board level (including micro and small businesses) – to stay on top of the risks, as well as the opportunities. Develop your team's capability and/or seek expert, third-party advice if needed.
Put cyber security on your agendas – operations and governance. It is a risk for the whole organisation – not just an IT issue.
Focus on people – make sure owners and staff know that cyber security and data privacy are priorities across the whole organisation – provide regular reminders and invest in training. Cert.govt.nz provides a good starting point for information.
Test, measure and report – ensure comprehensive, accurate and timely reporting is received and test cyber resilience within the organisation on a regular basis.
Assess technology governance, business process and tools now.
With the new Privacy Act in place, senior management and ownership must have visibility and understand the cyber resilience framework. The new act introduces mandatory notification of breaches, so over the coming months we expect to see more reporting of these invisible attackers.