What's Happening?
A recent analysis by Resilience highlights the importance of translating cybersecurity risks into financial terms to secure adequate budgets from CFOs and boards. The report focuses on ransomware in the manufacturing sector, revealing that 90% of incurred
losses are due to ransomware, despite only 12% of claims being related to it. The analysis also identifies key security failures, such as software vulnerability exploits and MFA misconfigurations, which contribute significantly to financial losses. Resilience recommends implementing compensating controls, such as network isolation and enhanced monitoring, to mitigate these risks. The report emphasizes the need for continuous MFA validation and targeted social engineering training to combat phishing and credential compromise.
Why It's Important?
The findings underscore the critical need for CISOs to effectively communicate cybersecurity risks in financial terms to secure necessary investments. By mapping security failures to financial losses, CISOs can better advocate for budget allocations that address specific vulnerabilities. The report's insights are particularly relevant for the manufacturing sector, which is heavily targeted by ransomware attacks. However, the principles can be applied across various industries to enhance cybersecurity measures. The emphasis on MFA validation and social engineering training highlights the importance of addressing human factors in cybersecurity strategies.
What's Next?
Organizations are advised to audit and validate their MFA deployments, implement procedural controls for financial transactions, and invest in ransomware containment and response strategies. These measures are expected to materially reduce cybersecurity risks and financial losses. As CISOs present these findings to boards and CFOs, there may be increased pressure to allocate resources towards improving cybersecurity infrastructure and practices. The report suggests that translating technical risks into financial language will be crucial for securing future investments.
