1 Introduction / Executive Summary
Organizations are critically dependent upon IT services and are therefore vulnerable to cyber security incidents. This report provides a tool to evaluate the maturity of your organization’s cyber security to defend against and recover from cyber incidents.
Organizations have moved from using IT services that are exclusively delivered by equipment on-premises to a mixture of delivery models that include cloud services. The need for digital business transformation to provide greater flexibility as well as cost reduction has driven this move to a hybrid IT environment. At the same time, cyber risks have increased, with cyber criminals and nation states using cyber-attacks to blackmail organizations and disrupt society. Furthermore, the change in how IT services are delivered brings with it increased challenges of management, compliance, and security. This makes it essential to continuously review and update your cyber security posture, processes, and tools.
There are three main cyber security-related business risks: loss of business continuity; compromise of business data, including fraud; and compliance failure. Cyber security processes and technology address these risks. Business continuity risks from ransomware, Distributed Denial of Service (DDoS) attacks, as well as simple system failures and natural disasters, have increased as businesses have gone digital. Data is the most valuable asset of the modern digital business, and theft of intellectual property as well as personal data breaches can be expensive. Organizations must comply with more regulations and laws, and cyber failures put their obligations under these at risk.
In addition, technological advances such as the increasing use of Generative Artificial Intelligence (AI) and Machine Learning create additional dependencies and cyber risks. Regulations now identify risks to data during processing by third parties, and approaches such as pseudonymization must be considered. Quantum computing advances pose a threat to today’s widely used encryption technologies, and organizations need to plan a transition to quantum-safe encryption.
Cyber security encompasses a wide range of processes and technologies that are intended to address these risks. They help to ensure good “cyber hygiene” by identifying the assets that are at risk, removing weaknesses, protecting against misuse, detecting threats and risky behaviors as well as recovering from cyber-attacks. Traditional cyber security tools ranging from anti-malware to identity and access management are readily available and can help to reduce these risks if they are used effectively.
While major Cloud Service Providers (CSPs) go to great lengths to secure the services that they provide, it is up to the cloud service customers to secure how they use these services. The responsibility for security and compliance is shared between the cloud customer and the CSP. There are now many tools on the market intended to help organizations manage the new risks. Organizations need to exploit these new tools to provide consistent cyber security governance across the hybrid IT estate.
All these factors make it important for organizations to continuously review and update their cyber security approach.