The majority of organizations, cities, and infrastructure run on technology. Disruptions to that technology via cyber attack can have a wide range of consequences, from minor inconveniences to companies collapsing, people dying, or infrastructure (e.g., water) not working. They also cause billions of dollars’ worth of damage, reputational harm, and reduced operational efficiency. Yet most businesses don’t know where to start on their cyber strategy. Cybersecurity expert and founder of OccamSec, Mark Stamford, explains the key factors that decision-makers need to consider when implementing cybersecurity solutions.
“Over the years, we have seen what works, what doesn’t, and where the gaps are,” said Stamford. “The biggest gap is organizations needing more and more tools and services to secure themselves effectively. The key to effective security is joining the dots, not having more dots scattered in more places.”
Here are the four main points to keep in mind when approaching cybersecurity for your company.
Understand What You Need
Unless you have many resources to throw at it, what do you do to best secure your organization? What does “best secure” even mean? Which tools do you buy? Do you need a pen test? There are endless questions, and the answers seem to change daily, so how does anyone deal with this?
“Ultimately, if you determine that a cyber attack could massively harm your business, then make it a higher priority,” said Stamford. “If it won’t impact you ‘too much’ and you can keep going, then maybe make it less important. Obviously, it has to be important if you have compliance requirements to meet. Keep in mind that laws are changing, and if you don’t take at least a reasonable level of care, you may be liable for harm done to others.”
The need for security is pushing up the price of security. Because the sector is “hot,” it’s flooded with applicants. “Unless you have a considerable budget to spend on security resources, it’s difficult to get someone who can help,” said Stamford. “Ask yourself, ‘What are we trying to protect? So what’s the most important piece of data (and where is that data), or technical asset for us?’”
Realize That Business and Tech Are Connected
“Often cybersecurity issues are placed in a technical context,” said Stamford. “But if they can’t be tied back to the organization, then it’s hard for non-technical people to understand them, and even harder to show value.” Historically, cybersecurity has been seen as a purely technical field; this doesn’t help anyone.
Get Past the Hype
Because almost everyone is impacted by cybersecurity, everyone is trying to sell something. Right now, there is so much hype (“This product will make you 100% secure!”, “Stops all attackers”, “A.I. to secure your business”) that we are in a boy-who-cried-wolf situation. Stamford said, “Everything is being questioned, nothing seems to do what it says, and organizations build up more resentment for anyone offering any solution.” Instead, ask, “Are we getting the most from the money we spend on cybersecurity?” That will help separate the schemes from the players that will actually help your business’s security.