The Single Most Important Consideration for any Cybersecurity Plan

How would you describe your organisation’s level of cybersecurity maturity or readiness?

Do you have a cybersecurity strategy? Does your senior management team, or board, have cybersecurity on their agenda?

No matter your organisation size, cybersecurity is neither a “set and forget” proposition, nor a set of products that a company owns.

Cybersecurity is an on-going process that relies on an all-of-organisation approach to create layers of protection. Enterprise IT will remain a key stakeholder, but can no longer be the only cybersecurity policy owner.

To put this into perspective, companies invest millions of dollars in backups and disaster recovery programs because they know the crippling cost of an extended outage or data loss. However, too often these organisations don’t invest the same in cybersecurity despite the real potential of the same catastrophic outcome.

A cybersecurity framework is now an essential tool.

As a result, a cybersecurity framework has become an essential tool for organisations as they come to grips with where they are today, and where they need to be to protect their business.

If you don’t already have a cybersecurity framework, a quick search throws up many options of varying levels of quality, detail, and ease of implementation. The challenge is then finding the right one for your business and applying it.

Cisco have produced their own Cybersecurity Management Framework which is a comprehensive, best practice guide to implementing a cybersecurity management program. Even if your business already has a framework in place, it can be a useful comparison to highlight gaps in your own framework, or simply give you peace of mind about your existing approach.

The comprehensive nature of this framework though may make it difficult for some companies who are just starting out. Honestly, it can look a bit overwhelming for those that are new to cybersecurity, and can some can find it hard to get started.

In our experience, keeping things simpler at first – adopting a more agile approach to developing your own cybersecurity program – will allow you to start small, with achievable results, and then refine your approach over time.

The most important consideration of any cybersecurity program.

With this in mind, at our recent JuiceIT conference, Major General Stephen Day (former head of the federal government’s Australian Cybersecurity Centre in Canberra) delivered a keynote on cybersecurity. During his presentation, Day talked about a radical change that made the biggest impact on their own cybersecurity program, and is equally applicable to any organisation.

This approach is based on changing the way organisations think about cybersecurity – moving away from a set of products owned to by Enterprise IT, to a cultural approach owned by the organisation’s executive management.

In Day’s view, the most important consideration of any cybersecurity program was in the way cybersecurity is explained and communicated throughout an organisation.

After all, the best security products and services in the world still can’t protect your business from staff that click on suspicious emails, use the same password on many different systems, or even worse, continue using weak passwords.

When it comes to communication, the IT team often aren’t the best people to communicate such a technical topic to a non-technical audience. During his keynote, Day went on to explain how he gave up technical positions from his cybersecurity team and replaced them with communications experts to translate this technical topic into plain, understandable language.

Once the messaging was created, his team brought marketing professionals on-board to run awareness campaigns throughout the organisation to ensure everyone understood the role they played, no matter how small, within the organisation’s cybersecurity program.

When we relate this back to the Cisco CMF, in their conclusion they have 10 key success factors for any cybersecurity program and number 10 is exactly this:

Dedicate time and effort to develop consistent, congruent and easily understood documentation that clearly describes the what, why, when, where, how, and who is responsible for every action required by the program.

In the end, people are typically the weakest link in the cybersecurity chain. Set the right culture, educate your people, and everything else will follow.

Tags: Cybersecurity



JuiceIT Guest Blog | How XDR can help when time is of the essence

The only thing worse than cyber threats is an inability to detect those threats in time. Organisations need the…

JuiceIT Guest Blog | Veeam Platform: Reliable and Fast Recovery from Ransomware in a Hybrid World.

Ransomware attacks have become a growing concern for organisations of all sizes in Australia and New Zealand, resulting in significant…

Customer Story: Pernod Ricard Winemakers

Azure Migration gives Pernod Ricard Greater Flexibility and Improved Performance Download Customer Story Contact a Specialist…

Why would you deploy SASE?
If Secure Access Software Edge (SASE) with Cisco Meraki is the destination, what does the journey to get there look like?

Firstly, let’s set the scene. The term SASE was first mentioned by Gartner Analysts in July 2019 and Gartner continues…

Data#3 named (HPE) Platinum Partner of the Year and Aruba GreenLake Partner of the Year
Data#3 enjoys double scoops at HPE/Aruba awards night

December 08, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is proud to announce that it has…

Azure BaaS
Protecting Data in a Cloud World: Will Backup as a Service be what Keeps Your Business Online Through a Crisis?

Very few organisations could run in a technology-free environment, so naturally, strong IT departments put considerable effort into business continuity…

Azure Site Recovery
Beyond Backup: The Role of Azure Site Recovery in Business Continuity

In the first of our Azure Backup blog series, we discussed the value of data, and the critical importance…

Delivering the Digital Future, Securely – for Western Australia
Delivering the Digital Future, Securely – for Western Australia

Data#3, proudly sponsored by Cisco, Microsoft and Palo Alto Networks, are pleased to present to you: Delivering the Digital Future,…