Cyber Security Is A State Of Mind

Uploaded on 2024-01-17 in TECHNOLOGY--Resilience, FREE TO VIEW

Cyber security incidents have never been more  frequent and company Directors have a responsibility to ensure their organisation is resilient in ways that make it much harder for cyber criminals to put the business at risk. 

Although the IT department plays a crucial role in protecting the company against cyber threats, it is a serious mistake to think that cyber security is the exclusive responsibility of the IT department. 

In reality, safeguarding the company against cyber attacks is a shared responsibility amongst all employees, regardless of their role or position. The awareness and collaboration of the entire team are vital in preventing and mitigating cyber risks. 

Boards can be overwhelmed by the complexity of cyber security and the vast array of detailed management presentations addressing compliance, heat maps, penetration testing and the like without understanding their context.  However, in the past, the complex nature of cyber risk has caused many board members to shy away from cybersecurity and to not devote the time and energy required to fully understand and deal with the issue. This is unsustainable as incidents and regulatory pressures mount. 

Adding cyber security expertise to the board can be a partial fix for this problem so long as these additions are not viewed as a tick-box solution which relieves the rest of the board from its responsibility to take measures to achieve cyber resilience.

Today,  are now beginning to see signs of a broader solution wherein the entire board is digging in and devoting the time and energy to understand this systemic risk to their business. Here are some of the  questions that board members should be asking:

  • Is the board adhering to its fiduciary governance responsibility or delegating it to management?
  • Does the board have a sufficient understanding of the enterprise’s business functions and interactions to contextualise cyber risk?
  • Is the board and management properly structured and organised to deal with cyber risk?
  • Has the enterprise adopted a robust cyber security framework it adheres to rigorously?

How does the framework fit into overall enterprise risk management?

  • What criteria is used to make changes to cyber security spending?
  • Does the board understand risk tolerance, and does it interact with management to develop a risk appetite?
  • Does the board understand cyber security presentations by management or are they presented using tech jargon?
  • Do cybersecurity policies and procedures include customer, third party, operational and software interfaces?
  • How do cybersecurity compliance audits relate to governance?
  • What procedures are in place to respond to and report cyber breaches?
  • Does the board participate in tabletop exercises to train for responses to cyber incidents? Boards want to avoid closing the cybersecurity barn door only after an incident. To do so, they need to transform their perception of cyber security governance into reality.

Effective cyber security requires organisational changes necessary to govern and manage complex digital systems, educational changes to develop a common contextual “systems” understanding amongst the board and risk experts, and cultural changes to imprint upon the enterprise the importance of shared responsibility for cyber security.

There are no shortcuts or easy solutions for effective cyber security. The time for an enterprises-wide understanding of systemic cyber risk is right now. Here are some reasons why every employee has a significant role in the company's cyber security:

First Line of Defence:    All employees, from executives to interns, are the first line of defence against cyber threats. Most cyberattacks start with social engineering tactics like phishing or spear-phishing, which aim to exploit users' trust and naivety. By being vigilant and identifying suspicious messages and links, employees can prevent successful attacks.

Internal Threats:    Not all cyber threats come from outside the company. Inadvertent or malicious actions by employees can pose a significant risk to the company's security. Therefore, all staff members should be aware of their responsibilities concerning information security and follow best practices to protect confidential data.

Passwords and Authentication:    The proper choice and management of passwords are individual responsibilities. Weak passwords and password reuse are common security failures that can lead to data breaches. Employees should follow strong password policies and use two-factor authentication whenever possible to ensure the protection of their accounts.

Personal and Remote Devices:    With the increasing adoption of remote work and the use of personal devices for business purposes, employees must ensure that their devices are protected and updated with the latest security measures. They should also be aware of the risks of public Wi-Fi connections and use a secure VPN connection when accessing sensitive information.

Security Awareness Training:    The company should provide regular security awareness training for all employees. This will help educate them about the latest cyber threats, how to identify suspicious activities, and how to report potential security incidents.

Security Culture:    A strong security culture is built through the commitment of all employees to protect the company's assets. Employees should feel encouraged to report potential security issues and share their concerns. In summary, cyber security is a collective responsibility and should not be neglected by any team member. Collaboration between the IT department and all employees is essential for effective protection against cyber threats. 

Only through teamwork and  constant vigilance ca organisations strengthen their security posture and significantly reduce the risks associated with growing cybersecurity threats.

Oodaloop:    @Ooda:      EmpireTechnologies / LinkedIn:       Jo. of Cubersecurity:       ScienceDirect:   

Risk Academy

Image: Cottonbro Studio

You Might Also Read: 

How Does Your Board Measure Cyber Resilience?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 




 

« US Space Force Has Plans To Use Artificial Intelligence 
Fujitsu Knowingly Supplied Faulty Data To The British Post Office  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Encode

Encode

Encode delivers a cutting edge Security Analytics & Response Orchestration platform and best of breed Cyber Security Operations and Services.

CERT-MU

CERT-MU

CERT-MU is the Mauritian National Computer Security Incident Response Team.

PakCERT

PakCERT

PakCERT is the national Computer Emergency Response Team for Pakistan.

Leibniz-Rechenzentrum (LRZ)

Leibniz-Rechenzentrum (LRZ)

The LRZ supports ground-breaking research and teaching in a wide range of scientific disciplines including information security and data protection.

Prove & Run

Prove & Run

Prove & Run provides a patented software development toolchain that is specifically forged to deal with the complex security properties of sensitive software components.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

TechVets

TechVets

TechVets is a non-for-profit helping UK veterans and service leavers retrain into Cyber Security and Technology jobs.

Expanse

Expanse

Expanse SaaS-delivered products plus service expertise reduce your internet edge risk to prevent breaches and successful attacks.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

Kratos Defense & Security Solutions

Kratos Defense & Security Solutions

The Kratos Space, Training, and Cybersecurity division addresses key cybersecurity challenges, including cloud security, continuous monitoring, IT security, and risk management.

Clear Skye

Clear Skye

Clear Skye, an Identity Access and Management (IAM) software company, reimagines enterprise identity access and risk management software to make a complicated problem easier to manage.

Redpoint Security

Redpoint Security

Redpoint Security is an application security consulting firm that is focused on all aspects of code security.

NetGain Technologies

NetGain Technologies

NetGain Technologies helps small to medium-sized businesses gain access to expert IT talent. We provide strategies that use technology as a driving force behind business growth.

Eleos Labs

Eleos Labs

Eleos Labs' suite of security tools prevent Web3 cyber attacks, reduce economic risks, and protect digital assets.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

Blockfence

Blockfence

Blockfence are a seasoned crew versed in enterprise-grade cybersecurity and crypto, on a mission to collaboratively shape the future of Web3 security.