Cyber Security is no longer just for Information Systems. Businesses need to create adaptive strategies from the top down in order to become Cyber Resilient. Cyber breaches affect the C Suite even more today than they did last year. The 5 strategies listed below are a good starting point.
- Define your business risk – Senior Management has to be involved. Despite the media attention following a series of high-profile retailer breaches, many organizations have not yet elevated information security to a Board-level discussion.
According to PWC, fewer than half (42%) of respondents say their Board actively participates in the overall security strategy and 36% say the Board is involved in security policies.[i]
In the wake of yet another massive retailer breach, management is starting to ask more questions about cybersecurity readiness.
What will put your company under?
Defining your business risk will let you know where to invest resources; to look at the outcomes and focus on the business impact of cyber risks. To get perspective, business leaders need to ask “what are our most important business assets and how do our security measures relate to them?”
- Develop a risk management and security policy – Include more than just cyber security. Ensure the policy focuses on threats to your key assets, including the people, processes, and technology that are connected to or have access to those assets. Make sure that you have security controls (people, process and technology) that can mitigate those threats.
- Build and test your recovery plan – Be specific, test your plan regularly and update it as your security posture changes. This includes knowing what your network looks like and what devices are on your network especially your critical assets and databases. In the early days of “network security” we knew our network and every device on our network. In today’s wild wild west of the “globally connected” we have lost the capability to track each device especially on an Enterprise network.
- Develop a business resilience budget – weigh IT budgets to key assets. Maximize ROI by prioritizing cyber related spending and targeted risk reduction. Ensure your key assets, including your people are included in your budget priorities. Protecting these will protect your business and provide a competitive advantage.
- Expect and anticipate breaches – create plans to minimize operational, financial and the loss of reputation of your business after a breach. Don’t forget about the upstream/downstream access to networks and data including service providers, consultants and even former employees. What happens if your knowledgebase disappears? What happens if the whole C-Suite gets fired after a breach, how do you recover that knowledge? How do you ensure you have the people, process, technology and governance?
Cask provides Business and Cyber Resiliency assessments. Call us, we can help.
[i] Retrieved from the The Global State of Information Security® Survey 2015 at URL http://www.pwc.com/gx/en/consulting-services/information-security-survey/assets/the-global-state-of-information-security-survey-2015.pdf.