Industry and businesses are notoriously bad at doing something about cyber security.
It’s not until something happens that we see an investment in a solution.
Playing the game!
Ever played “Whack a mole”?
The little arcade game where you try to bash the little creature (mole) that comes out of predesignated holes with a large hammer.
It is a lot of fun.
Definitely not the best use of time when tackling problems. Still a lot of fun!
Put it into business terms. When it comes to protecting an organisation from a cyber event, cherry picking or bashing the noticeable things is not the best use of your time, money and resources.
Like whack a mole, you often miss more than you succeed. In whack a mole it is not that much of a problem, but in cyber security, a little miss can impact your organisation significantly.
It is about time we got away from this whack a mole mentality.
When it comes to cyber security, things are always going to “pop up”. How you protect your organisation is not about using a big hammer, being reactive.
In today’s business world you have to be proactive. You have to anticipate what may come and have a solution in place prior to it happening.
How can you do that?
When it comes to cyber security or securing your organisation from a cyber event, there are thousands of companies out there who will tell you that they have the silver bullet, the one solution that you need to be secure and always be secure.
Sorry, but this is straight bull.
There is nothing out there that is going to be the silver bullet of cyber security. There are too many ways of attacking a system. There are too many ways to confuse users and administrators into making that silly mistake.
What you can do is implement a framework.
Use a framework to find out what you need to do, what you need to secure and how you are going to secure those systems and information, and to work out a risk assessment. This will help you define your appetite for risk and do something to protect the organisation.
Now you can go out and purchase those “bright shiny” solutions because you now understand what needs to be protected and how you are going to do that.
The framework will help you implement policy, procedures and processes, educate your staff and implement a back-to-business plan.
To do this you need to have some level of direction and that can only be achieved with a framework.
Using a framework will also allow you to measure your cyber maturity and the maturity of organisations that you do business with.
Need some help implementing a framework? Please contact me and I can help you develop the best way forward to protect your organisation.
Roger Smith is the CEO of R & I ICT Consulting Services, Director of client security at Care MIT, Lecturer at ADFA (UNSW – Australian School of Cybersecurity), Amazon #1 selling author on Cybercrime, Presenter for the Business Security Intensive, author of the Digital Security Toolbox and Digital Security Framework. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.