Is cybersecurity an information issue or a business issue?

At the Information Security Forum’s (ISF) last meeting, the problems associated with protecting business from a cyber attack were discussed. The discussion involved C-level executives from a large number of Fortune 500 and Forbes 2000 companies and revolved around the premise of whether cybersecurity is a technical problem confined to individual areas of a business or a business problem involving the whole of the business.

According to Price Waterhouse, cybercrime is the third largest problem associated with business in the developed world. Cybercrime is no longer a technical problem. Defeating cybercrime and cyber criminals requires a whole-of-business change in attitude, by everyone in the organisation, towards protecting internal and external business information and the data that the organisation collects.

To make sure that business information is better protected, the following four areas need an improved level of protection. Incorporating these four facets into the whole-of-business system creates a strong and flexible system of protection that protects the business right from its implementation.

The technology side ensures that the correct hardware and software are in place and that the technology side of the business is using best practice to achieve the right protection.

The second component is command and control, or the management component of the business. It needs to be defined: who is doing what, the implementation of policies, processes and procedures, the audit of access, and the training of staff.

The third component is how adaptable the business is. This includes not only disaster recovery, risk management and business continuity but also cyber resilience.

Once all of these components are in place, the final component should be relatively easy to incorporate: the compliance issues that come from just doing business in today’s world.

These four areas (technology, command and control, adaptability and compliance) create a secure environment or framework for a business of any size not only to do business but also to protect its data, its users, its customers and its suppliers from most levels of cyber attack.

In my opinion, cybersecurity is no longer just an exercise in one person or department in the organisation trying to protect the assets of the business. It is a whole-of-business attitude to protecting and securing everything within the business by everyone.

The cybersecurity of the organisation is an ongoing process from the CEO down. It also includes the worker bees at the coal face who see and hear what is happening in the outside world, where the business meets the customer, probably the most vital area of any business. Cybersecurity and business protection is a fine line between capability and protection, but it is something that has to be done for your business to flourish and prosper.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisations using the principles of Technology, Management, Adaptability and Compliance.