fbpx
Share

The Single Most Important Consideration for any Cybersecurity Plan

How would you describe your organisation’s level of cybersecurity maturity or readiness?

Do you have a cybersecurity strategy? Does your senior management team, or board, have cybersecurity on their agenda?

No matter your organisation size, cybersecurity is neither a “set and forget” proposition, nor a set of products that a company owns.

Cybersecurity is an on-going process that relies on an all-of-organisation approach to create layers of protection. Enterprise IT will remain a key stakeholder, but can no longer be the only cybersecurity policy owner.

To put this into perspective, companies invest millions of dollars in backups and disaster recovery programs because they know the crippling cost of an extended outage or data loss. However, too often these organisations don’t invest the same in cybersecurity despite the real potential of the same catastrophic outcome.

A cybersecurity framework is now an essential tool.

As a result, a cybersecurity framework has become an essential tool for organisations as they come to grips with where they are today, and where they need to be to protect their business.

If you don’t already have a cybersecurity framework, a quick search throws up many options of varying levels of quality, detail, and ease of implementation. The challenge is then finding the right one for your business and applying it.

Cisco have produced their own Cybersecurity Management Framework which is a comprehensive, best practice guide to implementing a cybersecurity management program. Even if your business already has a framework in place, it can be a useful comparison to highlight gaps in your own framework, or simply give you peace of mind about your existing approach.

The comprehensive nature of this framework though may make it difficult for some companies who are just starting out. Honestly, it can look a bit overwhelming for those that are new to cybersecurity, and can some can find it hard to get started.

In our experience, keeping things simpler at first – adopting a more agile approach to developing your own cybersecurity program – will allow you to start small, with achievable results, and then refine your approach over time.

The most important consideration of any cybersecurity program.

With this in mind, at our recent JuiceIT conference, Major General Stephen Day (former head of the federal government’s Australian Cybersecurity Centre in Canberra) delivered a keynote on cybersecurity. During his presentation, Day talked about a radical change that made the biggest impact on their own cybersecurity program, and is equally applicable to any organisation.

This approach is based on changing the way organisations think about cybersecurity – moving away from a set of products owned to by Enterprise IT, to a cultural approach owned by the organisation’s executive management.

In Day’s view, the most important consideration of any cybersecurity program was in the way cybersecurity is explained and communicated throughout an organisation.

After all, the best security products and services in the world still can’t protect your business from staff that click on suspicious emails, use the same password on many different systems, or even worse, continue using weak passwords.

When it comes to communication, the IT team often aren’t the best people to communicate such a technical topic to a non-technical audience. During his keynote, Day went on to explain how he gave up technical positions from his cybersecurity team and replaced them with communications experts to translate this technical topic into plain, understandable language.

Once the messaging was created, his team brought marketing professionals on-board to run awareness campaigns throughout the organisation to ensure everyone understood the role they played, no matter how small, within the organisation’s cybersecurity program.

When we relate this back to the Cisco CMF, in their conclusion they have 10 key success factors for any cybersecurity program and number 10 is exactly this:

Dedicate time and effort to develop consistent, congruent and easily understood documentation that clearly describes the what, why, when, where, how, and who is responsible for every action required by the program.

In the end, people are typically the weakest link in the cybersecurity chain. Set the right culture, educate your people, and everything else will follow.

Tags: Cybersecurity

Featured

Related

Webinar: Data#3 Licensing Update and Microsoft 365 A5 Deep Dive
Data#3 Licensing Update and Microsoft 365 A5 Deep Dive

During the recent ISQ IT Managers forum, many schools expressed strong interest in a follow-up session on Microsoft 365…

ACSC Essential Eight Maturity Model: Patch Operating Systems
Essential Eight Maturity Model: Patch Operating Systems

In 2021, the Australian Cyber Security Centre (ACSC) updated the Essential Eight Strategies to Mitigate Cyber Security Incidents Maturity…

ACSC Essential Eight Maturity Model: Restrict Admin Privileges
Essential Eight Maturity Model: Restrict Administrative Privileges

In 2021, the Australian Cyber Security Centre (ACSC) updated the Essential Eight Strategies to Mitigate Cyber Security…

Cisco-Meraki-Smart-Spaces
Smart Space Technology is Leading the Fightback Against Rising Energy Costs

Just as the country hit winter, and even Queenslanders were spotted wearing long sleeves, the prospect of power…

Data#3 named worldwide Microsoft Surface+ Partner of the Year
Data#3 named worldwide Microsoft Surface+ Partner of the Year

July 19, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is delighted to announce that it has…

Data#3 appoints John Tan to CCO
Data#3 appoints John Tan to newly created Chief Customer Officer position

July 13, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is delighted to announce that it has…

Meraki smart spaces
Smart Spaces: Changing Work for the Better

There’s a certain strangeness to heading back into the workplace after a lengthy spell working from home during lockdowns. Workers…

Customer Story: ElectraNet

ElectraNet cuts costs and increases visibility with technology intelligence solution Download Customer Story…