The Single Most Important Consideration for any Cybersecurity Plan

How would you describe your organisation’s level of cybersecurity maturity or readiness?

Do you have a cybersecurity strategy? Does your senior management team, or board, have cybersecurity on their agenda?

No matter your organisation’s size, cybersecurity is neither a “set and forget” proposition, nor a set of products that a company owns.

Cybersecurity is an on-going process that relies on an all-of-organisation approach to create layers of protection. Enterprise IT will remain a key stakeholder, but can no longer be the only cybersecurity policy owner.

To put this into perspective, companies invest millions of dollars in backups and disaster recovery programs because they know the crippling cost of an extended outage or data loss. However, too often these organisations don’t invest the same in cybersecurity despite the real potential of the same catastrophic outcome.

A cybersecurity framework is now an essential tool.

As a result, a cybersecurity framework has become an essential tool for organisations as they come to grips with where they are today, and where they need to be to protect their business.

If you don’t already have a cybersecurity framework, a quick search throws up many options of varying levels of quality, detail, and ease of implementation. The challenge is then finding the right one for your business and applying it.

Cisco have produced their own Cybersecurity Management Framework which is a comprehensive, best practice guide to implementing a cybersecurity management program. Even if your business already has a framework in place, it can be a useful comparison to highlight gaps in your own framework, or simply give you peace of mind about your existing approach.

The comprehensive nature of this framework, though, may make it difficult for some companies who are just starting out. Honestly, it can look a bit overwhelming for those that are new to cybersecurity, and some can find it hard to get started.

In our experience, keeping things simpler at first – adopting a more agile approach to developing your own cybersecurity program – will allow you to start small, with achievable results, and then refine your approach over time.

The most important consideration of any cybersecurity program.

With this in mind, at our recent JuiceIT conference, Major General Stephen Day (former head of the federal government’s Australian Cybersecurity Centre in Canberra) delivered a keynote on cybersecurity. During his presentation, Day talked about a radical change that made the biggest impact on their own cybersecurity program, and is equally applicable to any organisation.

This approach is based on changing the way organisations think about cybersecurity – moving away from a set of products owned by Enterprise IT, to a cultural approach owned by the organisation’s executive management.

In Day’s view, the most important consideration of any cybersecurity program was in the way cybersecurity is explained and communicated throughout an organisation.

After all, the best security products and services in the world still can’t protect your business from staff that click on suspicious emails, use the same password on many different systems, or even worse, continue using weak passwords.

When it comes to communication, the IT team often aren’t the best people to communicate such a technical topic to a non-technical audience. During his keynote, Day went on to explain how he gave up technical positions from his cybersecurity team and replaced them with communications experts to translate this technical topic into plain, understandable language.

Once the messaging was created, his team brought marketing professionals on-board to run awareness campaigns throughout the organisation to ensure everyone understood the role they played, no matter how small, within the organisation’s cybersecurity program.

When we relate this back to the Cisco CMF, in their conclusion they have 10 key success factors for any cybersecurity program and number 10 is exactly this:

Dedicate time and effort to develop consistent, congruent and easily understood documentation that clearly describes the what, why, when, where, how, and who is responsible for every action required by the program.

In the end, people are typically the weakest link in the cybersecurity chain. Set the right culture, educate your people, and everything else will follow.
