GRC Becomes Critical, as Cyberattacks, Data Frauds Emerge as High-Impact Threats

SAP | May 13, 2020

  • Last year's WEF Report on significant global threats lists cyberattacks and data fraud as high-impact threats in the near future.

  • New-generation GRC tools recognise that business process flows are dynamic and fluid, and hence enable us to build dynamic rule sets with adaptive capabilities.

  • GRC principles fit well with what is called the ‘agile’ approach and are more relevant and important today than ever before.


2020 will be remembered as the year of an almost worldwide lockdown caused by a virus. What could be next? The 2019 WEF Report on significant global threats lists cyberattacks and data fraud as high-impact threats in the near future. This underscores the fact that Governance, Risk and Compliance (GRC) is becoming increasingly critical within organisations, and the stakes are higher than ever should businesses fail to get it right. We’re living through an era hallmarked by a rapid increase in the rate of change in the marketplace. Organisations are being forced to adapt to the new realities. Successful organisations are becoming more agile in their ways of working.


New-generation GRC practitioners are seeing the opportunity for GRC to play a greater role in proactive value creation, more than ever before, and are embracing new agile technologies and methodologies in doing so. GRC principles fit well with what is called the ‘agile’ approach and are more relevant and important today than ever before. Getting GRC right in an agile environment depends on having the correct mindset, approach and tools. Agile thinking encompasses the idea of “clock speed”. This is the pace at which an organisation, as an entire system, is able to move, react, adapt and so forth. It is estimated that today’s average large organisation requires a clock speed 3-5 times faster than the equivalent organisation a decade ago.






Whilst agile thinking has brought great benefits in increasing clock speed, it has also brought with it a significant misconception about GRC. In the pursuit of agile delivery, GRC can easily be seen as part of the ‘old paradigm’ and hence ignored or undervalued. Alternatively, even if the GRC function is appreciated by business, GRC practitioners often fail to adapt their approach to the new clock speed realities. Many new-generation GRC practitioners find themselves operating in a traditional organisation. They face a decision to either be an advocate for change or simply go through the motions and deliver the kind of GRC the organisation requires.

“In our increasingly fast-paced world, there is a strong correlation between successful GRC and levels of business-user engagement in SAP organisations.”


Could someone in GRC influence organisation-wide change? We believe they can. With a ‘courageously pragmatic’ approach one could advocate for company-wide change, possibly finding kindred spirits within the company, whilst at the same time pragmatically delivering GRC requirements within the prevailing framework. So, what is the correct approach then for agile GRC? Given that organisations differ vastly by industry, regulatory environment and GRC maturity, amongst others, there is no ‘one-size-fits-all’ answer. Here are a few agile GRC descriptors. Agile GRC realises the need for engaged business users, and hence puts business users at the centre of the process. GRC language is converted into a language that business users can understand.


This is further achieved through more intuitive tools such as introducing business process visualisations that help contextualise and understand risks. A lack of engaged business users has always been the Achilles heel of GRC. Research shows it is the leading cause of GRC implementation projects floundering. Engaged business users are more vital than ever given the fluidity of organisational environments today. GRC must become a team sport. If business users are unengaged, it falls to the GRC team to ensure that access risk remains healthy. This is usually done in an episodic fashion, frequently timed to coincide with an audit. In addition, traditional GRC tools are built upon static rule sets, which should be reviewed ‘from time to time’ to adapt to any changes in business process flows.



Spotlight

Financial services institutions are at the forefront of Cyber-attacks and keeping information safe is critical to maintaining customer confidentiality, ensuring regulatory compliance, and protecting the brand. In response, Network Security strategies are being adapted to provide traditional prevention at the edge, augmented by enhanced detection and response capabilities at the core.

Related News

PLATFORM SECURITY

Robo Shadow officially launches free Cyber Security Platform

Robo Shadow | September 27, 2021

UK-based Cyber Security start-up Robo Shadow have launched their initial product set as they attempt to take on the big guns in Cyber Security. The Platform boasts a range of features including Vulnerability Scanning, Hardware and Software reporting for all your devices, reporting on Windows Defender centrally (removing the need for third-party anti-virus) and much more.

We want to democratise Cyber Security, by removing the cost and the complexity. The Robo Shadow Cyber Platform is effectively an attack surface management platform aimed at helping organisations quickly understand their cyber-attack surface. This is so people can see what the hackers see when they are planning their attacks. The easy-to-use Platform will also give all the helpful hints in closing the vulnerabilities that Penetration Tests and Vulnerability Assessments uncover. This cutting-edge software has a straightforward approach to how Cyber Information is displayed and digested by the users, supported by an extensive AI-driven cloud backend.

Terry Lewis, CEO and prolific tech investor

When asked about the commercial model for Robo Shadow, the team states: "We want people to use our software for free and they will only have to pay if they require advanced services like support, penetration testing and consultancy. That way, anyone can get the free tech they need, whether they are a School, Business or even a Government Institution. If need be, they can pay for a subscription to use our internal team to help support and advise on the cyber outputs generated by the Platform. Free users of the Platform will still have access to developer style support."

Currently, the initial offering includes Vulnerability Scanners, Windows Defender Agents and Office 365 integration. Future versions of the Platform will include Google, Microsoft & Amazon Cloud Integration, Mac and Linux Cyber Agents and an array of technology for businesses to manage their Cyber-attack surface and deliver a daily Sec Ops aspect to their business.

The team have enjoyed a decent first run boosted and helped by their popular Android App available in the App store. The App allows people to remotely scan their networks both inside and out for vulnerabilities to understand their attack surface better. Originally the Android App was built as a proof of concept to demonstrate how simple the tech needs to be to make a significant effect in helping people understand their Cyber Attack surface.


Small and Medium Businesses Need to Improve Their Cybersecurity Post COVID-19 Lockdown

BullGuard | June 09, 2020

Given the sheer quantity of SMBs, their cybersecurity directly affects local resiliency in the face of cyber threats. SMBs must embrace their importance and scale up their cybersecurity appropriately. Published research shows that one third of small and medium businesses (SMBs) use free, consumer-grade cybersecurity tools.

COVID-19 showed the world that widespread business failure affects communities. When businesses fail, business owners and workers can suffer heightened mental health issues and economic insecurity. Business failure increases the demand on local government for public assistance for unemployment benefits, small business loans, and more. Businesses that survive have fewer customers, and customers have fewer dollars to spend. As a result, more businesses fail. As more businesses fail, more people suffer.

Alternatively, business success strengthens communities. Thriving businesses encourage the creation of community identity and get involved in local events. They contribute to their localities’ long-term economic growth by increasing the tax base, providing local jobs and products, building infrastructure, and encouraging competition.

The government and major financial services players alike tout the digitization of SMBs. Increased use of information technology and digital assets offers companies new sources of revenue and growth, which companies desperately need in the midst of the current economic collapse. Even as digitization increases, 66 percent of small-business senior decision makers believe that cyber-attacks will not affect them. However, 67 percent of businesses suffered a cyber-attack in 2019.

Since the beginning of the COVID-19 pandemic, one in seven SMBs have experienced a cyber-attack. Due to their general absence of awareness regarding best cybersecurity practices and their indifference toward the problem, small businesses have insufficient personnel dedicated to protecting their networks and their digital assets. Their staff lack necessary technical skills, and they do not have the budgets required to acquire or purchase adequate protection.

The result is a self-defeating cycle. A small business hit by a cyber-attack can fail, like the California-based Efficient Services Escrow Group, which closed and laid off all employees following a cyber heist. When businesses fail, their employees lose their jobs and no longer have enough money to purchase goods and services from other small businesses. Those businesses lose money as a result, and their owners, stressed about their economic prospects and already apathetic toward the importance of prioritizing cybersecurity, spend less on network and digital asset protection. The lack of proper spending and prioritization leads to worse cybersecurity practices, which in turn open the door to more cyber-attacks and more business failure.

Cyber resiliency is the ability to anticipate cyber-attacks or stresses on digital and cyber resources, withstand them, and recover from them. As cyber-attacks on SMBs systematically weaken local communities, they lose their ability to withstand and recover. This strains public resources. Taxes comprise the largest source of revenue for local governments, but when businesses fail, their tax dollars dry up. Local governments, already lacking requisite cybersecurity resources, lose their ability to secure themselves and their communities.

Failure is not inevitable. SMBs can take steps to increase their cyber resilience and boost their chances of success. Owners should lead by example and pay attention to their employees’ online habits. They can demonstrate good cyber hygiene and teach their employees to do the same. Owners should identify business-critical assets and data to prioritize their protection. They should be proactive, rather than reactive, when planning protection against cyber-attacks.

Finding online resources to boost cybersecurity is easy. Plenty of private companies publish lists of best practices. On its website, the Small Business Administration offers free access to planning tools, business assessments, cyber hygiene vulnerability scanning, and best practices. As SMBs prioritize their time and spending during the long process of reopening, they need to take advantage of these free tools and take their cybersecurity at least one step further.


Cybint Launches Remote Version of its Renowned Accelerated Cybersecurity Career Bootcamp

Cybint | July 24, 2020

Global cybersecurity education leader Cybint is taking steps to meet the needs of professional learners in today's unprecedented training and professional development environment, launching a remote version of its military-grade Cybint Bootcamp. As with the live training version, the Remote Cybint Bootcamp is designed and built by former military intelligence officers and focuses on skills in demand for the job market. With the onslaught of an economic recession brought on by the pandemic, the need for accelerated career tracks is critical – especially online. Cybint and its partners in vocational training centers and universities worldwide are now enrolling hundreds of bootcampers virtually to be prepared for future-proof cybersecurity positions.

With low unemployment rates and lucrative career opportunities, cybersecurity is one of the most in-demand tech careers in existence. The Cybint Bootcamp, which boasts a post-completion 97% employment rate, provides an affordable, accelerated route to high-paying entry-level cyber jobs for students and/or professionals who need to upskill or re-train for new career opportunities. In just three months the Bootcamp successfully prepares people with little or no IT background to successfully pursue a cybersecurity career.
