How to start ‘proper preparation’ for cyber security events

As we all know, poor performance in the realm of cyber security can mean disastrous consequences, from material and financial loss, to reputational damage, serious legal consequences and even total business failure.

According to senior analysts at Palo Alto Networks cyber research division Unit 42, there are three critical questions CISOs and the executive need to answer as the first step towards achieving genuine IT security preparedness. 

These top three questions are:

1. Are the right people in place and are processes optimised? Because cyber security is so complex and multi-faceted, it’s important to have a broad cross-section of people and skills, honed and at the ready.

2. Have you invested in the necessary tools and technology? Having good tech is critical, but this needs to be balanced with the needs of the organisation while taking care not to have too many solutions from different providers.

 

3. Is there proper governance to protect the organisation? What governance frameworks currently exist? Are they applicable or useful for cyber security, or do they need to be reviewed and modernised?

Based on how an organisation responds to these questions, they can then set about redefining their security strategy according to their individual circumstances and needs of the business within its a specific industry vertical.

Because we like the number ‘3’, there are once again many considerations that should take top priority, such as the following:

• Build a strategic roadmap that makes transformation easier. This should take account of the full spectrum of operations, people, processes and assets across the organisation.
• Stay up to date on the latest threats against your organisation. There have never been more threats increasing and evolving every day, demanding unprecedented levels of vigilance.
• Develop an actionable incident response plan. The worst time to assess your cyber readiness is during an actual attack, so be sure to run fire drills or TTX (Table-Top Exercises) to assess and build ‘muscle memory’

Now with a clear picture of today’s most prevalent threats on the security landscape, it’s time to act.

Just a reminder- don’t make the mistake of thinking that you need to go it alone!

Taking a proactive approach to cybersecurity isn’t the job of one person or a specific group. It’s an all-hands-on-deck initiative that requires active participation and buy-in from everyone in your organization, top to bottom from the cyber and tech teams, to the board and most junior members of staff, no matter their role.

It also means choosing the right technical partners that have real experience and deep expertise, and who appreciate that every business is different.

Starting at the top

It’s unlikely the board and senior executives are at the front lines of assessing and testing an organisation’s cyber security posture, but with greater executive accountability  – they are increasingly required – to be across the precise risks facing the company.

Of importance is - what technologies and processes are in place? The location and status of critical assets, and how the broader cyber strategy is designed to protect them and the broader organisation.

Only then can the CEO and board be expected to have full confidence in what CISOs, CIOs and their teams are doing.

And without that confidence, it can be a lot harder to secure the necessary funding and resources to ensure the organisation has the right technologies, processes and overall cyber security strategy it needs to survive and thrive in today’s challenging digital landscape.

Download the Report titled: 5 Security Concerns for CISOs and How to Address Them here or if you would like to discuss your security requirements to ensure your data and staff are protected email here to get in contact with one of Enablis’ security experts.