According to the 2021 World Economic Forum's Global Risks Report on cybersecurity, connected devices are expected to reach 27 billion this year. The threat landscape continues to expand with trends such as significant growth in the mobile workforce and expansion of Internet of Things (IoT) devices. Cyber criminals are exploiting associated vulnerabilities, impacting information security systems of every size in every industry.
Moving forward in 2021 and beyond, organizations should continually balance a remote workforce and safeguard information, as many will proceed with policies that allow employees to divide their time working in the office and remotely. Organizations should also continue to focus on securing their information assets in this hybrid work environment. Some ongoing areas of diligence include:
- Protecting collaboration tools and teleconferencing
- Creation and revision of security policies and procedures
- Identity and access management, including implementation of multi-factor authentication
- Ongoing training and guidance of workforce on cybersecurity threats and policy
- Continuity of operation plans, disaster recovery plans and incident response plans
To successfully implement and evolve such a broad and highly developed cybersecurity strategy, many organizations would employ an in-house Chief Information Security Officer (CISO) and team. However, organizations that lack such resources for an internal CISO should consider external resources to help with cybersecurity and compliance, including a scalable, cost-effective cybersecurity program.
The ecosystem is only as strong as its weakest link. The recent attacks against FireEye and SolarWinds highlight the sensitivity of supply chain issues and dependence on providers of IT functionality and services. Organizations must consider what the breadth of this exposure really means and must take steps to assess the real extent of their entire attack surface and resilience to threats. An inclusive and cross-collaborative process involving teams across different business units is vital to make sure there is an acceptable level of visibility and understanding of digital assets.
Leveraging External Information Security Advisors Provides Real Benefits
Outsourced security advisors can provide value to organizations by helping to develop and implement a scalable cybersecurity program, giving access to resources that many organizations do not have in-house. For example, much like an in-house information security team, FORVIS' security advisors provide both strategic and technical skills that can supplement internal capabilities to help safeguard your organization's critical information assets. Examples include:
- Risk assessment and risk reduction strategy
- Governance program development
- Information systems and data identification, classification, and protection strategy
- Proactive analytics and intelligence
- Experience in firewall, intrusion detection systems and intrusion prevention systems security
- Identity and access management
- Mobile device management strategies
- Audit and compliance
- Incident response plan and procedures
- Security information and event management (SIEM) recommendations
Equally important, a professional security advisor can offer significant cost savings. The median salary for a CISO in the U.S. is approximately $224,000, with a median bonus of $48,840. Recruitment costs, employee benefits and perks are additional. The total cost of an in-house CISO can reach more than $350,000. Hiring security leaders is expensive, and according to CSO Online, "Industry research suggests that the average CISO tenure is only about 24 to 48 months."
The use and cost of outsourced security experts is typically much lower and scalable, and cost can decrease over time. Also, fractional CISO professionals can design, build and mature your security program, then shift some program components to an operational state.
While facing ongoing cybersecurity threats, budgets for information security are typically a fraction of overall IT budgets, and many businesses simply cannot afford to recruit and hire qualified, full-time security leaders. Outsourced security advisors, like FORVIS, can provide highly skilled professionals who focus on the specific needs of an organization's information security priorities – this can potentially reduce the investment in recruiting high-demand security professionals, lower the cost of employee benefits and avoid the expense of frequent turnover.
How FORVIS Can Help
Your information security needs are as unique as your organization, which is why you can look to FORVIS to design a customized information security strategy for your present needs and long-term vision. Our comprehensive approach includes the following steps:
- Performing a complete evaluation of your current cybersecurity program, including your organizational and governance structure
- Providing a detailed report of control gaps, areas of risk and potential future challenges
- Designing a custom program for your specific information security needs that is aligned with your organization's risk tolerance and business goals/objectives
- Preparing a complete budget spend analysis and timeline for proposed implementation
- Performing network security assessments and providing threat intelligence
FORVIS can also provide you with access to a network of experienced information security professionals to help lead your organization's IT security program.
In today's environment, cybersecurity is critical to safeguarding your employees, clients and stakeholders. Let FORVIS help you mitigate information security risks so you can focus on organizational goals and opportunities. To learn more, please contact us.