
Detecting and Mitigating Cyber Risks in a Digital World

Rolf von Roessing, CISA, CISM, CGEIT

Vice Chair, ISACA; Partner and CEO, Forfa Consulting AG

Today, digitalization presents a major change to our day-to-day life, both at work and at home. But what about the risk? Media, educators, and government channels frequently report new threats that may put our money or even our lives at risk.

We need to manage these risks ourselves, as we own the devices and systems that could be attacked. Whether it’s a smartphone, a home automation system, or a laptop – the user is the greatest risk and the strongest layer of defense. 

No passing the buck

In business, we often think IT workers will do cybersecurity for us. Yes, they will do what they can, but it is up to individual users in the company to detect cyber risks and threats, or at least to report suspicious cases to IT for further handling. As a result, we need to be more proactive and harden our daily IT, just as we do with private homes or corporate premises.

First, let’s look at what we usually use that introduces risk. Around most people, there are a bunch of smart devices that — when taken out of the box — have a lot of unwanted apps and data on them. 

In a corporate setting, IT should always replace the factory state with a tailored installation image. In settings where people bring their own devices, it makes sense to provide the right tools as an intranet download or self-service. In this way, cyber risk can be reduced quickly and to a fairly low level.

Who do you trust?

In our private lives, we may not have these handy IT folks around. Users should look to trustworthy institutions and their websites to find simple (or complex) guides to dealing with personal devices. These are freely available for most device types, such as laptops and smartphones. 

By following the instructions, cyber risk can be reduced quickly and radically. Most tools will tell you what the red flags are and automatically fix the weaknesses in a matter of seconds.

For more advanced users, or admins having to manage cyber risk in larger corporate environments, there are tried and tested frameworks and how-to guides that are strong enough to pass the test of compliance and audit departments — examples include ISACA’s COBIT framework and the NIST Cybersecurity Framework. These lay the groundwork for finding out where the risks are, how dangerous they may be to the business, and what the most successful mitigation strategies will be.

IT practitioners in the corporate world should always use frameworks and recognized standards; not only do they ensure compliance and completeness, but they often prove to be effective in making the business case for budget, and then spending it wisely.

Increasingly, individuals and organizations alike understand that cyber risks are very real and often need mitigation. ISACA’s State of Enterprise Risk Management 2020 survey shows that the majority of organizations say their overall risk has increased in the past 12 months, with cyber risk presenting the most critical risk category.

While organizations must continue to mature their risk management practices, the user is key — after all, the more helpers who are available to provide quick and effective risk reduction, the better. Detecting and dealing with risk in a fully digital world is a matter of listening and learning as much as it is about technology.
