The Single Most Important Consideration for any Cybersecurity Plan

How would you describe your organisation’s level of cybersecurity maturity or readiness?

Do you have a cybersecurity strategy? Does your senior management team, or board, have cybersecurity on their agenda?

No matter your organisation’s size, cybersecurity is neither a “set and forget” proposition, nor a set of products that a company owns.

Cybersecurity is an on-going process that relies on an all-of-organisation approach to create layers of protection. Enterprise IT will remain a key stakeholder, but can no longer be the only cybersecurity policy owner.

To put this into perspective, companies invest millions of dollars in backups and disaster recovery programs because they know the crippling cost of an extended outage or data loss. However, too often these organisations don’t invest the same in cybersecurity despite the real potential of the same catastrophic outcome.

A cybersecurity framework is now an essential tool.

As a result, a cybersecurity framework has become an essential tool for organisations as they come to grips with where they are today, and where they need to be to protect their business.

If you don’t already have a cybersecurity framework, a quick search throws up many options of varying levels of quality, detail, and ease of implementation. The challenge is then finding the right one for your business and applying it.

Cisco have produced their own Cybersecurity Management Framework which is a comprehensive, best practice guide to implementing a cybersecurity management program. Even if your business already has a framework in place, it can be a useful comparison to highlight gaps in your own framework, or simply give you peace of mind about your existing approach.

The comprehensive nature of this framework, though, may make it difficult for some companies who are just starting out. Honestly, it can look a bit overwhelming for those that are new to cybersecurity, and some can find it hard to get started.

In our experience, keeping things simpler at first – adopting a more agile approach to developing your own cybersecurity program – will allow you to start small, with achievable results, and then refine your approach over time.

The most important consideration of any cybersecurity program.

With this in mind, at our recent JuiceIT conference, Major General Stephen Day (former head of the federal government’s Australian Cybersecurity Centre in Canberra) delivered a keynote on cybersecurity. During his presentation, Day talked about a radical change that made the biggest impact on their own cybersecurity program, and is equally applicable to any organisation.

This approach is based on changing the way organisations think about cybersecurity – moving away from a set of products owned by Enterprise IT, to a cultural approach owned by the organisation’s executive management.

In Day’s view, the most important consideration of any cybersecurity program was in the way cybersecurity is explained and communicated throughout an organisation.

After all, the best security products and services in the world still can’t protect your business from staff that click on suspicious emails, use the same password on many different systems, or even worse, continue using weak passwords.

When it comes to communication, the IT team often aren’t the best people to communicate such a technical topic to a non-technical audience. During his keynote, Day went on to explain how he gave up technical positions from his cybersecurity team and replaced them with communications experts to translate this technical topic into plain, understandable language.

Once the messaging was created, his team brought marketing professionals on-board to run awareness campaigns throughout the organisation to ensure everyone understood the role they played, no matter how small, within the organisation’s cybersecurity program.

Relating this back to the Cisco CMF, its conclusion lists 10 key success factors for any cybersecurity program, and number 10 is exactly this:

Dedicate time and effort to develop consistent, congruent and easily understood documentation that clearly describes the what, why, when, where, how, and who is responsible for every action required by the program.

In the end, people are typically the weakest link in the cybersecurity chain. Set the right culture, educate your people, and everything else will follow.
