Frustrating the Wolf - Lessons Learned from the 3rd Little Pig
Remember those 3 little, industrious pigs? Well, they’re us. All of us business owners, organisations, and humans using computers. The big bad wolf? There are millions of them: the bad actors that are trying to steal your data in its myriad forms. This post looks at five of the bricks used by the smartest little piggy—the one who saved his brethren from the wolf in a well-built stronghold.

If only I had a nickel for every time a business owner/manager misunderstood what is meant by “effective cybersecurity risk management.” On the rare occasions that it is actually considered, it is often deemed an issue for IT to deal with. You'd think this a boon for those of us running IT businesses. Alas, this is extremely problematic for several reasons; here are two. Firstly, cybersecurity is an enterprise-wide issue and should be managed from the top down, through business lines, policies and processes, similarly to how budgets are handled. In other words, the whole organization needs to be on board, engaged and working toward common goals. Secondly, many SMBs still employ IT as and when needed—the break-fix model—which means there is no consistent IT presence to miraculously manage and mitigate all things techy.
The internet is littered with blog posts, white papers and various other types of SEO fodder outlining effective cybersecurity risk management. Here are five elements that must be included (Google bots and web crawlers, “on your marks…”):

The 1st Brick: An Effective Framework
Every company’s situation is unique, as is the data it is trying to protect. A framework must be adopted, tweaked, fine-tuned and tailored to suit an organization’s particular circumstances, and this takes a concerted effort on the part of the whole organization. Those sitting at the big desks with the great view need to establish proper governance that applies to all of the organization’s resources: its people, processes, and technology. Establishing, implementing and enforcing an appropriate framework is an essential first step to building a cybersecurity risk management program.

The 2nd Brick: Identify the Scope—A to Z & End-to-End
A successful cybersecurity program is comprehensive in its scope: it addresses all the data in the organization that needs to be protected. The growing complexity of today’s businesses, with mobile workforces and BYOD devices exploding traditions and conventions, makes identifying and locating all of an organization’s data incredibly challenging. So too is adopting a comprehensive approach to identifying every cybersecurity concern, from external and internal exfiltration threats to third-party vendors and age-old work processes. To be effective, a cybersecurity program must keep all of the critical elements of the organization that need to be protected within its scope.

3rd Brick:
