Saturday, January 28, 2023

KPMG: Really ready for a ransomware attack?


In the evolving landscape of cyber security, confidence can be a bad thing. That’s because, amid ever-escalating ransomware threats, a company’s success fending off an attack today does not guarantee it’s ready for a more sophisticated threat tomorrow.

With that realization, business leaders may wish to rethink their current ransomware preparations in light of the findings of the KPMG 2021 CEO Outlook. Many executives expressed confidence in their readiness for a ransomware attack. And many remain focused on cyber security plans that address yesterday’s threats, rather than taking steps to build resilience in their digital and now highly interconnected business environment. Building a resilient organization requires focus, persistence and discipline.

Ready for yesterday’s attack

Reflecting on the survey responses by 1,325 chief executives, it’s a positive sign that 65 percent indicate that they “have a plan to address a ransomware attack if faced by one.”

However, it’s revealing that only 28 percent “strongly agreed” with the statement, suggesting that most are not overly confident in their ransomware preparations. That, in my opinion, is a good thing, since it would be naive to consider one’s company “unsinkable”, with the waters ahead full of increasingly disruptive ransomware hazards.

I see this cautious mindset in my recent client interactions, as senior executives state modestly, “I only know that there are many things I don’t know.” In response, I compliment their current state of ransomware preparations, and then ask if their plans truly consider the changing nature of ransomware threats and their connected business ecosystem.

This can inevitably lead to deeper conversations about the gaps in their plans. Often, their primary weaknesses relate to inadequate detail in their overall response plans, resulting from limited mapping of technical to business considerations, followed by the absence of embedded, continuous improvement capabilities and focus on the topic. As a result, an organization can be “ready-ish” to respond to yesterday’s attack — not tomorrow’s.

Making ransomware risk real

For most executives, a ransomware attack simulation is an eye-opening event. Not only do these simulations reveal how their companies lack sufficient safeguards to defend against the latest techniques, but they also uncover vulnerabilities — or assumptions made — that can reduce the company’s ability to recover.

For instance, when huddled in the simulation war room, business leaders suddenly realize they don’t have sufficient information to quickly identify the business impact of an attack on end-to-end services. There are often assumptions built around individual systems, but rarely are there real plans behind more extreme scenarios. And since the organizations have not clearly mapped the linkages and dependencies between their infrastructure and business services and channels, senior leaders find themselves flying blind, unable to calculate the impact on their operations, production or customers until calls or complaints start coming in.

Along with an inadequate line of sight to assess the problem, these companies often lack sufficiently detailed and tested business resumption plans to work around a system outage for an extended time. As the outage extends, even more difficult questions can start setting in: what are their assumptions around returning to basic functionality, how long can they operate manually, what minimum viable products can they offer their customers and for how long, what do they do with the data, and how do they deal with integrity issues? These are just some of the new questions that typically start to circulate in boardrooms.

Also, as the period extends and the damage to the business becomes more apparent, further considerations start to kick in that are typically not supported by pre-approved protocols and decision trees. Most identify that procedures and pre-agreed principles would have been beneficial to help senior leaders act prudently and promptly (including pay or don’t pay decisions) based on varying severity scenarios and aligned with their domestic and global legal and regulatory obligations.

While these simulations usually prompt startled executives to patch any holes in their current preparations, the next question is, “How will they sustain these security measures as cyber-attacks grow more sophisticated and their company exposure increases in a digitally-connected business and technology ecosystem?”

Creating true cyber resiliency

To the business leader who now asks, “How can we strengthen our cyber security capabilities for today and tomorrow?”, I often recommend actions focused in three key areas:

Scrutinize operational resilience programs. Align the broader digital resilience topic with operational resilience programs. Ensure there is alignment within the organization across the broader topics and bring together the various stakeholders to help ensure that disruption scenarios are clearly documented and detailed; dependencies and risks are adequately mapped; legal, regulatory and insurance issues are well understood; and appropriate policy and procedures are in place to aid mid-crisis decision-making.

Invest in resilient technology platforms. Understand the existing challenges your infrastructure and technology platforms may face in the specific disruptive scenarios, and consider alternative setups and cloud-based systems with air-gapped/micro-segmented environments that are well protected against attack, better able to support business recovery in a threat situation, and able to scale up as threats and demands shift and grow.

Strengthen operational response capabilities. To help address the gamut of detailed technical and business requirements needed to seamlessly operate during an incident with the least impact on operations and business, it’s important to become an adaptive and resilient organization. This includes implementing in-depth operational and communication protocols to reassure stakeholders, continuing critical services and resuming impacted services within tolerance levels.

Interestingly, to be effective, each of the activities requires greater integration and cooperation among technology and business teams so that the resulting plans take into account both business and technology considerations. This speaks to the need for deep organizational culture change by which cyber security, technology and business team members and strategies are coordinated or embedded.

It’s also noteworthy that, as revealed by the KPMG 2021 CEO Outlook, less than half of global business leaders are focusing on these very activities. For example, less than half of CEOs surveyed for our 2021 CEO Outlook say that, over the next 3 years, they plan to “strengthen governance and operational resilience and their ability to recover from a major incident” and “invest to develop secure and resilient cloud-based technology infrastructure”.

In addition, about one third of CEOs surveyed plan to “embrace automation to streamline and optimize security and technology risk management”, and just over a quarter of CEOs will “embed security and resilience principles into the design of future systems and services”.

Although it’s encouraging that nearly half of executives will “focus on improving skills in cyber security” and “establish a strong digital and cyber risk culture”, these actions are becoming table stakes in readying a company for ransomware threats. When you consider that current ransomware attacks began percolating in the minds of cyber criminals 5 years ago, it’s clear that businesses should think 5 years forward to be ready for far more nefarious attacks.

Planning for yesterday’s ransomware attacks simply won’t be enough to safeguard digitally powered organizations. Fortunately, the KPMG 2021 CEO Outlook suggests that there’s a healthy dose of doubt in the minds of business leaders, which can help drive the effort required to create cyber resilient organizations for the years ahead.

(Courtesy KPMG/By Dani Michaux)

Tags: cyber attacks, ransomware
