Protecting the confidentiality, integrity and availability of data is a necessary response to digital disruption. With so much digital data being generated and the explosion of remote/hybrid working, this often means guarding against cyberattacks, which have become larger, more frequent and more sophisticated.
By 2025, global cybercrime costs could reach US$10.5 trillion annually. PMI and PwC's research shows that over one-third of organizations face cybersecurity concerns when using technology to improve decision-making and outcomes for projects.
While IT departments may be responsible for overseeing cybersecurity, everyone has a part to play, including contractors and temporary staff. Here are three considerations for how project managers across the organization can work with cybersecurity teams, HR and other functions to mitigate cyber risks:
- Improve cybersecurity awareness. Regular training on how to spot scams and implement best practices can fight complacency and help employees recognize evolving threats. The effectiveness of training also needs to be measured, for example, by looking at the number of suspicious emails reported or cybersecurity costs.
- Create a culture of shared responsibility. “The wider business needs to buy into the importance of cybersecurity as a collective agenda,” says Fady Younes, cybersecurity director at Cisco Middle East and Africa. “Employees must feel a sense of duty to safeguard information.”
- Manage third-party cyber risks. Research shows that two-thirds of large enterprises suffered software supply chain attacks in 2021. Steps to minimize such risks include creating a centralized vendor repository, assessing and monitoring the risk for each vendor and putting appropriate controls in place.
Data from the FBI shows that both monetary losses and complaints are rising dramatically, with phishing and similar attempts increasing 110% between 2019 and 2020 and extortion rising by 78%. Identity theft rose the most of any type of cybercrime, increasing 170% in one year. People over 60 comprise the largest group of victims of monetary loss. This group of near- or already retired people reinforces the need for better training and protections both in and outside the workplace.
Global Megatrends 2022
After the U.S., the U.K. accounted for the highest number of victims of cybercrime, followed by Canada and India.
The stories of giant hacks and compromised personal data that we read with increasing frequency must spur all of us to develop our awareness of these risks and take extraordinary care to guard against them.
Prioritizing Cybersecurity: Interview With Fady Younes
Fady Younes is cybersecurity director at Cisco Middle East and Africa.
"The pandemic has been a wake-up call," says Fady Younes. "Employees need to be kept secure on every device, from wherever they choose to work." To manage the risks posed by highly distributed teams, security must be at the core of network infrastructure. "This includes vendor consolidation, secure collaboration solutions for file sharing and communication, and workforce education."
Younes shared the results of research conducted by Cisco Talos that provides insight on the pervasive nature of the threat. "Nearly 70% of ransomware attacks resulted from cybercrime tools widely available for purchase. Known as ‘commodity trojans,’ ransomware attacks often found on the dark web are effective against systems with patching and endpoint vulnerabilities.
"Chief information officers and chief technology officers play an increasingly pivotal role in assuring that digital transformation continues to be embedded not only in the long-term strategic direction of the company, but also its day-to-day IT operations," Younes stressed. "The chief information security officer, meanwhile, drills down to strategize the securing of all systems and data. They must work in harmony."
Customized, scalable cybersecurity solutions are "mission critical," Younes adds. And for information security (IS) teams to create effective security frameworks, "training and support are key components, whether it be developing the right strategy, being equipped with the tools to ensure best practice or having access to training and ongoing capacity building."
But Younes warns that apathy can set in. "Sadly, many do not understand the true level of responsibility required by all to keep the company safe. The truth is that a compromise can come from any angle, even something as simple as clicking on the wrong link or file in an email. And with this minor action, the results can be catastrophic."
Businesses must transition from a mindset that is reactive to one which is more proactive.
Cybersecurity Director at Cisco Middle East and Africa
- Anchore. (2021). Anchore 2021 software supply chain security report.
- Federal Bureau of Investigation (FBI). Internet Crime Complaint Center. (2020). Internet Crime Report 2020.
- Morgan, S. (2020, November 13). Cybercrime to cost the world $10.5 trillion annually by 2025.