Cybercrime is growing year by year: attacks on the finances, information and reputation of companies are becoming widespread, and the attackers are getting more inventive. What are the most effective ways to protect information in modern conditions? This question was debated at the conference “Challenges of Digital Transformation” held in February in Moscow, Russia.
The discussion covered three main issues: the relations of information security departments with other departments and employees, the budget, and the relations of security officers with regulators. Regulation in Russia is very specific, so that experience is of little use in other countries. The more interesting topic concerns relations with employees and corporate financiers.
It’s all about the money
Cybersecurity issues in Russia were far from a priority: as always, profit is king. Businessmen see no reason to think about it, and if something bad happens, they take it as proof that investing or not investing in cybersecurity can’t protect a business from losses. So, how do you convince a business to support information security?
As practice has shown, the most effective argument is the use of metrics: the language of numbers, specific volumes of prevented financial losses. How many attacks were made last year and what proportion was prevented? If the figure was 93%, then next year the security department should commit to increasing it to 98%, subject to sufficient investment in the necessary software and employee training.
What was the proportion of false alarms from the security system? They can be prevented if the business invests in upgrading obsolete systems. How much revenue did the company lose as a result of the outflow of customers who were frightened by information about incidents? And what about thefts of the customer base, which was resold to competitors? Such cases can be used to estimate financial losses from cyberattacks, thus it is possible to…