Blog of the GRITS Research Group. Next-generation networks for the Internet of the future, Fog Computing and the Internet of things to implement custom designs in hybrid cybersecurity clouds, in large-scale storage systems and long-distance communications.

17 March 2023 | Posted by angela.tuduri

Cyberattacks on companies are on the rise: How do we manage digital threats from the organization?

The theft of data is intensifying, but profiles focused on its management are growing.

In the new digital era, cybersecurity is becoming a critical concern for companies with online operations. Protecting customer data and keeping business information out of danger are fundamental to the development of any organization.

From this perspective, cybersecurity is positioned as a priority issue in business risk management and on government agendas, and the need for profiles involved in managing digital attacks and information theft is increasing.

What does the new profile that manages and directs corporate cybersecurity look like? 

Cybersecurity in the spotlight - challenges and risks 

In recent years, the steady increase in cyber-attacks and information theft in organizations worldwide has been remarkable.  

The Center for Industrial Cybersecurity (CCI) published a report (2021) that found a 20% growth in cases related to information theft compared to the previous year; for last year (2022), the figure was 48%.

“The accelerated growth of digital transformation has allowed us to incorporate new technologies into our daily lives that, if not managed correctly, put data and information at risk.”

- Genis Margarit i Contel, coordinator of the Master's Degree in Cybersecurity Management

The growing exposure to cyber risks has turned IT security into a key aspect for the management and leadership of companies and organizations.  

But... 

How does a hacker act? 

Cybercriminals use techniques to gain unauthorized access to computer systems and obtain as much information as possible. These techniques are becoming increasingly sophisticated, and hackers can act individually or in organized groups to penetrate any business system or government institution.  

Ransomware, for example, is an increasingly common threat used by cybercriminals in which they encrypt the victim's data and demand a ransom for its recovery. 

Another increasingly common technique is social engineering. In a social engineering attack, criminals impersonate a trusted person and trick the user to gain full access to their data. There are different types of hackers, depending on the intention and technique they employ. 

Currently, companies and organizations are seeking a specific profile to deal with data security: the white hat hacker. This profile checks and secures the company's information and data so that they are not compromised.

Need for professional profiles dedicated to cybersecurity management

Cybersecurity management and governance is responsible for overseeing policies, processes and technologies aimed at protecting an organization's systems, networks and data from cyber threats.

In this context, a new profile focused on corporate and governmental information security, the CISO (Chief Information Security Officer), appears. 

The CISO is the professional in charge of IT security who, through legal and ethical techniques and methods, secures the data and detects vulnerabilities in the IT systems.

The role of the CISO as a corporate cybersecurity manager 

A profile with management and leadership skills has become a necessity for companies and governments. This professional is in charge of planning and directing the cybersecurity strategy against possible threats and information theft in order to protect digital assets.

The Chief Security Officer is responsible, among other things, for leading the technical cybersecurity teams and protecting the company's data by defining the policies that will determine cybersecurity governance.  

The role's responsibilities include management, control and supervision techniques, as well as knowledge of the current social and economic environment.

Identification of the cybersecurity framework - Data Governance and Lean Cybersecurity 

The first steps taken by the CISO will be directly related to the current social and economic business environment.  

Understanding the organization's mission, objectives and activities by recognizing the terminology, standards and best practices related to cybersecurity and critical infrastructure management will also be one of the first steps a CISO takes.  

The actions to be carried out will include vulnerability analysis and risk treatment, development of the security strategy and elaboration of information governance frameworks and standards.  

Understanding the hierarchy, roles, responsibilities and organizational culture will help ensure an effective and scalable risk plan over time.  

Critical infrastructure protection, definition and implementation of cybersecurity governance and policies

The next step focuses on designing and managing the cybersecurity policies and strategies developed by the company. The CISO will work on information security along with industry standards, making preventive plans and periodic audits that control the security of corporate data.  

The cybersecurity manager understands the architecture and available resources that optimize information security control.  

In addition, the CISO applies basic knowledge of data protection law and of the implementation of security measures to the cybersecurity strategy.

Cybersecurity risk prevention 

Identifying threats and following up on policies in cybersecurity management is also the CISO's job. He or she will be responsible for leading the organization's response to security incidents.  

This includes assessing the impact of the incident, identifying the root cause and implementing corrective actions to prevent future incidents.  

Developing monitoring reports and reporting to the steering committee on the steps and phases involved in the lifecycle of an intelligent threat will build a more robust defense strategy.  

Responding to cybersecurity challenges 

Ultimately, the cybersecurity manager of a company or organization will be responsible for organizing all online incident management processes to protect digital assets.  

This ranges from identifying the management frameworks and making the specific action plan to drafting monitoring reports and determining the tools and technologies to be implemented in the security systems.

The enterprise cybersecurity manager will establish a SOC (security operations center) management and monitoring structure that responds to potential threats and keeps the security strategy intact.

Cybersecurity management processes  

It is clear that the role of the cybersecurity director and manager is becoming essential in today's companies and organizations. Having a professional capable of managing and controlling digital security actions during the lifecycle of any cyber threat is indispensable. 

As we have mentioned, the CISO controls all phases of the cyber-attack lifecycle, namely:

  • Risk identification  

  • Risk assessment  

  • Risk management planning  

  • Implementation of security measures  

  • Continuous monitoring and evaluation 

New studies focused on cybersecurity management 

Demand for professionals trained to manage all phases of a company's cybersecurity is growing. In 2022, the study published by the European Commission on digital skills and jobs pointed to a shortage of 350,000 cybersecurity professionals on the continent.

The financial, health and government sectors are those with the highest demand and the most affected by the increase in cyber-attacks. Today, any company, large or small, must include the control and monitoring of cybersecurity in its strategy so that its information and data are not damaged.

Within this new framework, study programs in cybersecurity management and direction are emerging, calling for experts in the field capable of developing effective strategies and leading technical teams to mitigate digital threats.

These profiles require technical skills related to cryptography, network security and the management of technical and human resources in multidisciplinary teams.  

Master's Degree in Cybersecurity Management - La Salle-URL 

At La Salle-URL we are aware of the growing demand for this professional profile. Threats, cyberattacks and the theft of data and information are putting highly demanded new digital profiles in the spotlight.

That is why, from the campus, we incorporated the Master's Degree in Cybersecurity Management, a program focused on the management and direction of teams and strategies that mitigate digital threats.  

The program focuses on the tactical and operational management of cybersecurity in an organization, including essential skills in security architecture, data protection and/or legal issues. 

The Master's Degree in Cybersecurity Management is recognized for its practical approach and for being specifically designed to train students in the management and direction of cybersecurity in an organization. 

Boost your future and train at a pioneering university with a 100% practical and professionally focused program. 
