Cyber Security Optimisation In Organisations - Pwc
December 2020Cyber in PerspectiveSecuring thefuture of businessCyber security optimisation in organisations
IntroductionBusinesses today are transforming their ways ofworking and redefining the future of their operations.They are migrating towards a ‘work from anywhereand anytime’ model of operation, with an increasingfocus on utilising low-touch business solutions.There is also increased focus on business resiliencein order to strengthen systems and processes sothat they operate seamlessly during a crisis.Rapid diglitalisation across organisations hadalready made them prone to cyberattacks. TheCOVID-19 crisis has resulted in an increase in thenumber of cyberattacks on organisations. Alongwith a surge in cyberattacks, there has also been ashift towards more sophisticated attacks that seekto exploit the chinks in the armour exposed by thetransformation process that is under way. Such ascenario requires organisations to enhance theircapabilities in order to successfully navigate theincreased threat surface, ensure protection of theirdata and smoothly continue business operations.The COVID-19 crisis has impacted a number oforganisations and increased cost pressures. Thecrisis has also made it imperative for organisationsto enhance their cyber security capabilities on theone hand and optimise cyber security resources onthe other.2 PwC Securing the future of business
Organisations are focusing on how to deal withthe dichotomy between cost reduction andcyber security optimisationFactors behind cyber recalibrationBusiness objectivesTransformation to adapt to thefuture of businessIncreased cost pressureEnhancing cybersecurity capabilitiesEver-increasing cyber threatlandscapeIncreased COVID-19 themedattacksOptimising cybersecurity resourcesShift in cyber security prioritiesSecurity optimisation across areas will help businesses achieve their objectives.Securitytechnology3 PwC Securing the future of rityprocesses
Security optimisation is the key to secure thefuture of businessSecuring the futureof businessAutomation ofsecurity processesAgile securityorganisation4 PwC Securing the future of businessSecurity technologyoptimisationOptimised securityoperations
Security technologyOrganisations are struggling to optimally utilise their implemented security technologies. Often, there are overlaps insecurity technologies as well as underutilisation of tools and technologies.Organisations need to focus on understanding their security technology landscape and identify areas wheresecurity technologies can be optimised either through consolidation and enhancement, or by leveraging opensource and light-weight start-up solutions.Optimised security operationsAt an overall organisational level, the costs of security operations and management are increasing due to the widerthreat landscape. Traditionally, organisations build all of their operational services in-house on a fixed-cost model.However, this approach has led to increased costs, administrative burden and the additional hassle of managing alarge set of internal tools, technologies and in-house resources.There is scope for improvement in the way organisations handle security operations and associated costs. Theycan explore other avenues such as managed security services, cloud-based service delivery and transaction-basedpricing models.Agile security organisationDue to the cyclic nature of most businesses, it has been observed that required skills are dynamic and change withtime. Skills related to cloud technologies, orchestrated response and emerging technologies are becoming moreimportant. While organisations may hire people skilled in operating new technologies, upskilling and cross-skillingexisting resources are more efficient, considering evolving requirements.Organisations may consider engaging external experts as chief information security officers (CISOs) in othersecurity roles to optimise the costs of hiring and training. Additionally, there is scope to leverage existing resourcesin cross-functional teams to build extended teams and support security requirements during critical situations.Automation of security processesSecurity teams in organisations spend a lot of time performing low-intelligence routine tasks. Also, mostorganisations do not have centralised security teams, leading to a disintegrated view of the organisational securitylandscape. Organisations need to move away from such siloed processes for security management and graduallyshift towards a more cohesive approach, with automation as the basis of security processes and operationsmanagement.Automation technologies help in decreasing the administrative burden related to manual handling of certain aspectsof security processes. Leveraging these technologies as the foundation for managing security processes will notonly optimise the effort and resources required for maintaining cyber security across organisations, but also help inreducing the overall error rates and associated security risks.5 PwC Securing the future of business
Security technologyoptimisationSecurity technologies have continuallyevolved to meet the growing demandsof an increasingly changing threatlandscape.While it is necessary to implementsecurity technologies across anorganisation to protect it against theevolving cyberthreat landscape, it isalso important to understand the overallsecurity posture of an organisation andoptimally deploy security technology.Security technology optimisation is the quickestmethod to optimise cyber security for an organisation.Typically, organisations have focused on creatingmultiple layers of security and using a combination ofsecurity products, design principles, manual controlsand routine checks to manage their overall securityposture.Organisations that have been on the cyber securityjourney for a significant period of time will understandthe need to regularly take stock of their security stack.Security tools and solutions have a tendency to overlapor remain underutilised if left unchecked.Additionally, organisations have approached cybersecurity in a piecemeal fashion by adding technologiesto their set-up whenever they felt it was necessary tofill certain point-in-time security gaps, overlooking theoverall security posture.Further, organisations consider established commercialoff-the-shelf (COTS) products for their securityrequirements and do not generally consider otheroptions, including open source/domestically producedsecurity tools, that may provide the desired level ofsecurity contextualised to the threat landscape.6 PwC Securing the future of businessToday, it is imperative for organisations to look attheir security technology stack holistically to enhancesecurity and optimise resources.Many organisations have invested in multiple securitytechnologies, some of which have overlapping features.This happens as some new-generation technologiescombine the multiple features provided bytraditional technologies. For example, next-generationfirewalls have capabilities such as intrusion prevention,URL filtering and application control, along with featuresprovided by traditional firewalls.Organisations can enable additional features andfunctionalities in their existing security set-up toprovide additional security coverage. For example,threat intelligence feeds can be enabled in nextgeneration firewalls, security incident and eventmanagement (SIEM) tools and anti-advanced persistentthreat (APT) systems to provide contextual informationon security events.Organisations can also look at implementing opensource security solutions as well as light-weightstart-up security solutions and services that providethe desired level of security at optimised costs.Given the aforementioned considerations, there isa huge opportunity for organisations to optimallyleverage security technologies.
Optimised securityoperationsManaging the overall security operationsof an organisation involves striking a finebalance between handling operationalrequirements and using resourcesoptimally.It is imperative for organisations to evolvefrom traditional security operationalmethods and costs to flexible securityoperations with a managed securityservices model.Cyber security services have traditionally been builton-premise and their service provisioning operateson a fixed-cost model. However, this can lead tounnecessary cost overruns.Pay for what you needFixed costs are easier to budget for since they remainconstant during a year. However, with evolving businesslandscapes and shifting operational priorities, securityorganisations should strive to identify linkages betweenbusiness functions and related security services. Thiswill enable them to move to a variable cost model andsuccessfully mitigate increasing budgetary constraints.Cyber security activities such as monitoring a 24x7security operations centre are already being outsourcedto enable variable cost models that help organisationsmoderate their security spending. The current crisishas also triggered a need to relook at how day-to-daysecurity operations, administration and managementactivities can be carried out by leveraging third-partymanaged security service providers.7 PwC Securing the future of businessOrganisations can leverage third-party securityservices across multiple areas, including governance,implementation, operations and compliance, toimplement the security as a service (SaaS) model.Organisations may also consider implementinginnovative cost-optimisation models that allow them topay on the basis of the number of security componentshandled/assessments done/incidents resolved.Similarly, organisations can leverage cloud-basedsecurity solutions that enable security teams to deploya cloud layer over the existing IT landscape, allowingservices, including user identity management, securitymonitoring and incident management, to be centrallydelivered. The service requirements can be increased ordecreased, allowing for subsequent cost optimisation.Organisations can also look at outsourcing oroffshoring security operations to low-cost locationsto optimise associated costs.Given the above background, organisations shouldrethink their expenditure on cyber security operationsand move towards a managed services model for notonly security monitoring, but also day-to-day securityadministration and operational activities.
Agile securityorganisationSecurity teams should be equipped withmultiple skill sets to cater to emergingsecurity requirements.Organisations need to rethink theirsecurity organisation structure and lookbeyond traditional security organisationstructures to include virtual teams andexternal panels of experts.To be able to optimally secure organisations againstemerging threat landscapes, it is important for securityteams to have relevant skill sets and be agile andmultifaceted. Security teams need to be experts in coresecurity skill sets and swiftly develop skill sets requiredfor newer and emerging technologies.Considering the shortage of skilled cyber securityprofessionals in the industry, security functions oforganisations face their own set of challenges. Theincreased economic pressure on security functions hasmade it difficult for them to recruit high-skilled subjectmatter experts (SMEs).Further, many security skills are not required throughoutthe year but are largely point-in-time requirements,making it more difficult for organisations to maintaindedicated and large security teams.Organisations now need to go beyond the traditionalstructure of security teams to include the latest trends incyber security.Governing and managing enhanced threat landscapesusing both traditional and emerging technologiesmay require skill sets that are not available withinorganisations. Under such circumstances, theycan appoint a CISO as a service from establishedsecurity agencies for required security oversight andgovernance.8 PwC Securing the future of businessAdditionally, virtual security teams can be hired as aservice to provide security expertise and support thatare not uniformly required throughout the year but onlywhen the need arises.The recent trends in security services have alsoseen a large number of security experts moving tofreelance positions. Organisations can use a resourcemarketplace to onboard and hire freelancers who canprovide various security services and expertise.Organisations can also carry out training programmesfor reskilling and upskilling existing resources tocater to security requirements. This will not only alloworganisations to meet security demands, but alsoenable them to remain updated on the latest securityskills. Further, they may also leverage internal teamsacross functions through cross-skilling to cater topeak requirements in cyber security.These approaches can help organisations create aleaner and agile security team for managing differentaspects of their cyber security.
Automation of securityprocessesOrganisations typically have a lot ofsecurity processes to deal with duringthe course of security governance,management, operations andadministration, which often lead toadministrative burden.Routine tasks within security processescan be moved from manual resourceintensive actions to automated processesto reduce administrative burden andoptimise overall security administrationand management.Organisations should look towardsautomating repetitive and actionablesecurity processes and tasksBusinesses of all sizes are looking to increaseefficiency, optimise costs and utilise their existingtalented resources for tasks that cannot be executedby machines. Irrespective of what one might think ofautomation – the epitome of organisational efficiency ora death knell for certain jobs – it has helped the worldmove forward.Automation allows routine tasks to be performed bymachines and enables an organisation to leverage itspeople for more relevant work.Further, many activities such as vulnerabilitymanagement, data loss prevention (DLP) monitoring,user access provisioning and third-party riskmanagement require heavy manual intervention. Owingto the large amount of data and security events involvedin such activities, there is a significant possibility ofmissing out on critical alerts that may lead to securityrisks at large.9 PwC Securing the future of businessEmerging technologies such as artificial intelligence(AI), machine learning (ML) and robotic processautomation (RPA) can be leveraged to automatesecurity processes that require low-to-medium humaninterventions across functions through cross skillingto cater to peak requirements in cyber security.Organisations can use automation tools along withexisting security technologies to automate lowintelligence, repeatable and actionable tasks andprocesses. This will ensure that resources are availablefor other critical tasks.Further, organisations can also leverage AI, ML and RPAto process large amounts of data and analyse securityevents to create proactive defence mechanisms in anefficient and automated manner, and reduce overall riskexposure.
About PwCAt PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 155 countries with over 284,000people who are committed to delivering quality in assurance, advisory and tax services. PwC refers to the PwC network and/or one ormore of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.Find out more about PwC India and tell us what matters to you by visiting us at www.pwc.in.Contact usSiddharth VishwanathPartner and Cyber Advisory LeaderPwC IndiaMobile: 91 91671 90944siddharth.vishwanath@pwc.comAnas ViquarAssociate Director, Cyber SecurityPwC IndiaMobile: 91 98737 13687anas.viquar@pwc.compwc.inData Classification: DC0 (Public)In this document, PwC refers to PricewaterhouseCoopers Private Limited (a limited liability company in India having CorporateIdentity Number or CIN : U74140WB1983PTC036093), which is a member firm of PricewaterhouseCoopers International Limited(PwCIL), each member firm of which is a separate legal entity.This document does not constitute professional advice. The information in this document has been obtained or derived from sourcesbelieved by PricewaterhouseCoopers Private Limited (PwCPL) to be reliable but PwCPL does not represent that this information isaccurate or complete. Any opinions or estimates contained in this document represent the judgment of PwCPL at this time and aresubject to change without notice. Readers of this publication are advised to seek their own professional advice before taking anycourse of action or decision, for which they are entirely responsible, based on the contents of this publication. PwCPL neither acceptsor assumes any responsibility or liability to any reader of this publication in respect of the information contained within it or for anydecisions readers may take or decide not to or fail to take. 2020 PricewaterhouseCoopers Private Limited. All rights reserved.KS/December 2020-M&C 8546
Associate Director, Cyber Security PwC India Mobile: 91 98737 13687 anas.viquar@pwc.com About PwC At PwC, our purpose is to build trust in society and solve important problems. We're a network of firms in 155 countries with over 284,000 people who are committed to delivering quality in assurance, advisory and tax services.
4 National Cyber Security Centre National Cyber Security Centre 5 The Cyber Threat to Sports Organisations The Cyber Threat to Sports Organisations Forewords Sports organisations are reliant on IT and technology to manage their office functions and,
the 1st Edition of Botswana Cyber Security Report. This report contains content from a variety of sources and covers highly critical topics in cyber intelligence, cyber security trends, industry risk ranking and Cyber security skills gap. Over the last 6 years, we have consistently strived to demystify the state of Cyber security in Africa.
What is Cyber Security? The term cyber security refers to all safeguards and measures implemented to reduce the likelihood of a digital security breach. Cyber security affects all computers and mobile devices across the board - all of which may be targeted by cyber criminals. Cyber security focuses heavily on privacy and
Cyber Vigilance Cyber Security Cyber Strategy Foreword Next Three fundamental drivers that drive growth and create cyber risks: Managing cyber risk to grow and protect business value The Deloitte CSF is a business-driven, threat-based approach to conducting cyber assessments based on an organization's specific business, threats, and capabilities.
Cyber Security Training For School Staff. Agenda School cyber resilience in numbers Who is behind school cyber attacks? Cyber threats from outside the school Cyber threats from inside the school 4 key ways to defend yourself. of schools experienced some form of cyber
Cyber crimes pose a real threat today and are rising very rapidly both in intensity and complexity with the spread of internet and smart phones. As dismal as it may sound, cyber crime is outpacing cyber security. About 80 percent of cyber attacks are related to cyber crimes. More importantly, cyber crimes have
DHS Cyber Security Programs Cyber Resilience Review (CRR) Evaluate how CIKR providers manage cyber security of significant information services and assets Cyber Infrastructure Survey Tool (C-IST) Identify and document critical cyber security information including system-level configurations and functions, cyber security threats,
Cyber security in a digital business world 68% of cyber security leaders will invest more in security as their business model evolves. 44% are using managed security services 21% report that suppliers and business partners were the source of a cyber attack in the last 12 months www.pwc.co.nz/gsiss2017 Cyber security in a digital business world
